Latest CVE Feed
-
6.5
MEDIUMCVE-2025-36912
In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retr... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-63512
kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorp... Read more
Affected Products : hospital_management_system- Published: Nov. 18, 2025
- Modified: Nov. 20, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-63513
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.... Read more
Affected Products : hospital_management_system- Published: Nov. 18, 2025
- Modified: Nov. 20, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-63214
An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts.... Read more
- Published: Nov. 19, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-66090
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-66091
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.... Read more
Affected Products : stylish_cost_calculator- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-66098
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.This issue affects Travelers' Map: from n/a through <= 2.3.2.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-66073
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10938
The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authent... Read more
Affected Products : uipress_lite- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-66053
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2.... Read more
Affected Products : enfold- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->c... Read more
Affected Products : phppgadmin- Published: Nov. 20, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-36371
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.... Read more
Affected Products : i- Published: Nov. 19, 2025
- Modified: Nov. 24, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-60684
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and const... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 24, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-63953
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.... Read more
Affected Products :- Published: Nov. 24, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared ... Read more
Affected Products :- Published: Nov. 24, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36917
In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-65032
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or... Read more
Affected Products : rallly- Published: Nov. 19, 2025
- Modified: Nov. 24, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-8994
The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and includin... Read more
Affected Products :- Published: Nov. 15, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.... Read more
- Published: Nov. 24, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Denial of Service