Latest CVE Feed
-
6.5
MEDIUMCVE-2025-62990
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a t... Read more
Affected Products : beaver_builder_addons- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62759
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS.This issue affects Series: from n/a through 2.0.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62742
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5.... Read more
Affected Products : curator.io- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-21960
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTT... Read more
Affected Products : applications_dba- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
-
6.5
MEDIUMCVE-2026-22770
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set ... Read more
Affected Products : imagemagick- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-21923
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more
Affected Products : life_sciences_central_designer- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
-
6.5
MEDIUMCVE-2026-21949
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
-
6.5
MEDIUMCVE-2026-0961
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more
Affected Products : wireshark- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-62125
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-63005
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9.... Read more
Affected Products : wordpress_tooltips- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62752
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kalender.Digital Calendar.Online / Kalender.Digital allows DOM-Based XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.11.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-21980
Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo... Read more
Affected Products : life_sciences_central_coding- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
-
6.5
MEDIUMCVE-2025-62135
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in landwire Responsive Block Control allows DOM-Based XSS.This issue affects Responsive Block Control: from n/a through 1.2.9.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-0959
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more
Affected Products : wireshark- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-0949
PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing th... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-21970
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with netw... Read more
Affected Products : life_sciences_central_designer- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
-
6.5
MEDIUMCVE-2025-49358
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a through 1.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62761
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePr... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-15020
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, ... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the ... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 17, 2026
- Vuln Type: Server-Side Request Forgery