Latest CVE Feed
-
5.9
MEDIUMCVE-2025-61881
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to com... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
5.9
MEDIUMCVE-2025-11680
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-11679
Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visit... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-54549
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO... Read more
Affected Products : danz_monitoring_fabric- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-12695
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault... Read more
Affected Products : postgresql- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-40843
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by th... Read more
Affected Products : codechecker- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-62782
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on ... Read more
Affected Products : inventorygui- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-12657
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.... Read more
Affected Products : mongodb- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-60695
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provid... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-12436
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium securit... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-64200
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for... Read more
Affected Products : woocommerce_email_template_customizer- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-64264
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows Stored XSS.This issue affects Popup addon for Ninja Forms: from n/a through <= 3.5.1.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While ... Read more
- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Server-Side Request Forgery
-
5.9
MEDIUMCVE-2025-64291
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.... Read more
Affected Products : medikaid- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-49912
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through <= 1.2.26.... Read more
Affected Products : email_subscription_popup- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2025-13075
A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is poss... Read more
Affected Products : responsive_hotel_site- Published: Nov. 12, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-12856
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit ... Read more
Affected Products : responsive_hotel_site- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-64714
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled ... Read more
Affected Products : privatebin- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-53047
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjou... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025