Latest CVE Feed
-
6.0
MEDIUMCVE-2023-53689
Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While t... Read more
Affected Products : fusion- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.0
MEDIUMCVE-2025-62522
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by s... Read more
Affected Products : vite- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during l... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
6.0
MEDIUMCVE-2025-62591
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
6.0
MEDIUMCVE-2025-64346
archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the u... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2025-12194
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive A... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2025-61881
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to com... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
5.9
MEDIUMCVE-2025-40843
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by th... Read more
Affected Products : codechecker- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-11380
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and inc... Read more
Affected Products : everest_backup- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Orac... Read more
- Published: Oct. 21, 2025
- Modified: Nov. 03, 2025
-
5.9
MEDIUMCVE-2025-62782
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on ... Read more
Affected Products : inventorygui- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-12058
The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup... Read more
Affected Products : keras- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
5.9
MEDIUMCVE-2025-64291
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-58297
Buffer overflow vulnerability in the sensor service. Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-64289
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-12695
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-54549
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO... Read more
Affected Products : danz_monitoring_fabric- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-11679
Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visit... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-62710
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a... Read more
Affected Products : sakai- Published: Oct. 22, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cryptography
-
5.9
MEDIUMCVE-2025-5350
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side requ... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery