Latest CVE Feed
-
6.5
MEDIUMCVE-2025-14185
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The ... Read more
Affected Products :- Published: Dec. 07, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-68389
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP ... Read more
Affected Products : kibana- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-49902
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Cus... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-63066
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-15050
A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remote... Read more
Affected Products : student_file_management_system- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-65405
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.... Read more
Affected Products : streaming_media- Published: Dec. 01, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-67560
Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13875
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation o... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-20759
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User int... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-65408
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.... Read more
Affected Products : streaming_media- Published: Dec. 01, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-63042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through <= 3.0.1.... Read more
Affected Products : tutor_lms_elementor_addons- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-15209
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The expl... Read more
Affected Products : refugee_food_management_system- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-68381
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid ... Read more
Affected Products : packetbeat- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-12689
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.... Read more
Affected Products : mattermost_server- Published: Dec. 17, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-68607
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5.... Read more
Affected Products : custom_field_template- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-67546
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.... Read more
Affected Products : wp_erp- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-26489
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before... Read more
- Published: Dec. 08, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-15135
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-68559
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-63064
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through <= 4.9.12.... Read more
Affected Products : eventon-lite- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting