Latest CVE Feed
-
6.5
MEDIUMCVE-2025-54967
An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potenti... Read more
Affected Products : socet_gxp- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: XML External Entity
-
6.5
MEDIUMCVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted u... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-6239
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.... Read more
Affected Products : manageengine_applications_manager- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-8048
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document I... Read more
Affected Products : flipper- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-60708
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
6.5
MEDIUMCVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.... Read more
Affected Products : gnuboard- Published: Oct. 23, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-0276
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-62967
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25.... Read more
Affected Products : directorypress- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.... Read more
Affected Products : avada- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-49939
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.... Read more
Affected Products : jetelements_for_elementor- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-33126
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5,... Read more
Affected Products : linux_kernel aix windows db2_high_performance_unload_load linux_on_ibm_z db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.... Read more
Affected Products : flowise- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-12266
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025
-
6.5
MEDIUMCVE-2025-60852
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue co... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60540
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF).... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-59244
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-62983
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58739
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Nov. 06, 2025
-
6.5
MEDIUMCVE-2025-62885
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.42.... Read more
Affected Products : wp_vr- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting