Latest CVE Feed
-
6.4
MEDIUMCVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products : ultimate_addons_for_wpbakery_page_builder- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.0
MEDIUMCVE-2025-10699
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.... Read more
Affected Products : lecloud_client- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-10700
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enable_unfiltered_files_upload function. Thi... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.5
HIGHCVE-2025-10576
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabil... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration