Latest CVE Feed
-
6.5
MEDIUMCVE-2025-13378
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated... Read more
Affected Products : chatgpt_assistant- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-13796
A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument u... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-65404
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.... Read more
Affected Products : streaming_media- Published: Dec. 01, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-65403
A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : lightftp- Published: Dec. 01, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-63095
Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : hello-video-codec- Published: Dec. 01, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-13835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.19.... Read more
Affected Products : arconix_shortcodes- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58477
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-63523
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to... Read more
Affected Products : feehicms- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-13875
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation o... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-58113
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially le... Read more
Affected Products : pdf-xchange_editor- Published: Dec. 02, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-65406
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.... Read more
Affected Products : streaming_media- Published: Dec. 01, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-13359
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on th... Read more
Affected Products : taxopress- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-57200
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-65956
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an ... Read more
Affected Products : formwork- Published: Nov. 26, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-20389
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles coul... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-65113
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platfo... Read more
Affected Products : clipbucket- Published: Nov. 29, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-66424
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.... Read more
Affected Products : trytond- Published: Nov. 30, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-65657
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without suf... Read more
Affected Products : feehicms- Published: Dec. 02, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-61727
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *... Read more
Affected Products : go- Published: Dec. 03, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-13809
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoControlle... Read more
Affected Products : orion-ops- Published: Dec. 01, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Server-Side Request Forgery