Latest CVE Feed
-
6.5
MEDIUMCVE-2025-60247
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from... Read more
Affected Products : activity_plus_reloaded_for_buddypress- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-43440
This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-62012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62983
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10875
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.... Read more
Affected Products : mulesoft_anypoint_code_builder- Published: Nov. 04, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-64361
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a t... Read more
Affected Products : consulting_elementor_widgets- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-11374
Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise ... Read more
Affected Products : consul- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-62030
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.... Read more
Affected Products : composer- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2024-47118
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with ... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-12890
Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-11740
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S... Read more
Affected Products : wpforo_forum- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-64208
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through <= 1.1.4.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62032
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through < 3.9.2.... Read more
Affected Products : cloud_library- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-9544
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate add... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2024-13998
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password has... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-62044
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-12328
A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched ... Read more
Affected Products : ruet_oj- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration