Latest CVE Feed
-
6.0
MEDIUMCVE-2025-49643
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.... Read more
Affected Products : zabbix- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-66036
Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7.... Read more
Affected Products :- Published: Nov. 29, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-13793
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
8.0
HIGHCVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical f... Read more
Affected Products : keras- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2025-64772
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Misconfiguration