Latest CVE Feed
-
6.5
MEDIUMCVE-2025-0277
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-11438
A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The ex... Read more
Affected Products : opnform- Published: Oct. 08, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-40888
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, pote... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-40885
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web applica... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-40887
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, po... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10720
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker... Read more
Affected Products : wp_private_content_plus- Published: Oct. 13, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-62508
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function... Read more
Affected Products : citizen- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62386
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62389
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11623
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62383
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62384
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62385
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62387
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62388
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62392
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10660
The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9549
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.... Read more
Affected Products : facets- Published: Oct. 10, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-37148
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-9551
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Authentication