Latest CVE Feed
-
5.4
MEDIUMCVE-2025-63065
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Assistant: from n/a th... Read more
Affected Products : media_library_assistant- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-63064
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through <= 4.9.12.... Read more
Affected Products : eventon-lite- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-63063
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-63060
Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-63037
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40343
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() a... Read more
Affected Products : linux_kernel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-63045
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.... Read more
Affected Products : master_slider- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40336
In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like m... Read more
Affected Products : linux_kernel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40341
In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another t... Read more
Affected Products : linux_kernel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Race Condition
-
5.4
MEDIUMCVE-2025-6924
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
6.5
MEDIUMCVE-2025-67535
Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosur... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.... Read more
Affected Products : sitewide_notice_wp- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67580
Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-9368
A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-13924
The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybe_duplicate' funct... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-34413
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-67574
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a... Read more
Affected Products : booking_calendar- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2023-22675
Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Request Forgery