Latest CVE Feed
-
0.0
NACVE-2022-50723
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix memory leak in bnxt_nvm_test() Free the kzalloc'ed buffer before returning in the success path.... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2018-25149
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify sy... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-68585
Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-68590
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n... Read more
Affected Products : database_for_contact_form_7\,_wpforms\,_elementor_forms- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-68581
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.1... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-68580
Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.1
HIGHCVE-2025-68579
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68594
Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin b... Read more
Affected Products : poll\,_survey_\&_quiz_maker- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-68565
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.... Read more
Affected Products : twitch_player- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-68535
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.... Read more
Affected Products : sunshine_photo_cart- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-68533
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-68529
Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.... Read more
Affected Products : wp_email_capture- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-68527
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-68519
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.... Read more
Affected Products : brands_for_woocommerce- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68516
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products : tablesome- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-68509
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through <= 20251121.... Read more
Affected Products : user_submitted_posts- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-68500
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.... Read more
Affected Products : prime_slider- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
5.4
MEDIUMCVE-2025-68497
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through <= 1.2.16.... Read more
Affected Products : astra_widgets- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-67909
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n... Read more
Affected Products : membership_for_woocommerce- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-67632
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design – GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Go... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting