Latest CVE Feed
-
6.5
MEDIUMCVE-2025-62386
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-52752
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-62042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.10.3.... Read more
Affected Products : event_post- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-11372
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission... Read more
Affected Products : learnpress- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-61754
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more
Affected Products : bi_publisher- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
6.5
MEDIUMCVE-2025-49929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.... Read more
Affected Products : ultimate_blocks- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10249
The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attacker... Read more
Affected Products : slider_revolution- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-33096
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.... Read more
- Published: Oct. 12, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-56450
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulti... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-56799
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user wer... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-49927
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-60265
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability.... Read more
Affected Products : xckk- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability.... Read more
Affected Products : xckk- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.... Read more
Affected Products : flowise- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-12249
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate ... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62985
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through <= 1.6.3.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58717
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025