Latest CVE Feed
-
6.5
MEDIUMCVE-2025-13118
A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be laun... Read more
Affected Products : mall- Published: Nov. 13, 2025
- Modified: Nov. 15, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13251
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11974
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files ... Read more
Affected Products : gitlab- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36008
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.... Read more
Affected Products : db2- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-64380
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.... Read more
Affected Products : booster_for_woocommerce- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotel... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-64320
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.... Read more
Affected Products : agentforce_vibes_extension- Published: Nov. 04, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unr... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-33131
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.... Read more
Affected Products : linux_kernel aix windows db2_high_performance_unload_load linux_on_ibm_z db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. Thi... Read more
Affected Products : suitecrm- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.10.3.... Read more
Affected Products : event_post- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64262
Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0.... Read more
Affected Products : auto_prune_posts- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-62914
Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-47221
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13246
A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.ja... Read more
Affected Products :- Published: Nov. 16, 2025
- Modified: Nov. 16, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-33132
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.... Read more
Affected Products : linux_kernel aix windows db2_high_performance_unload_load linux_on_ibm_z db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-47220
Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10930
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-12931
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch t... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-56503
An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder.... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization