Latest CVE Feed
-
5.5
MEDIUMCVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on out... Read more
Affected Products : welcart_e-commerce- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-64182
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the lega... Read more
Affected Products : openexr- Published: Nov. 10, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-61840
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue ... Read more
Affected Products : format_plugins- Published: Nov. 11, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-60753
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory cra... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2020-36855
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to app... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be a... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-62276
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported vers... Read more
- Published: Nov. 01, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-61843
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue ... Read more
Affected Products : format_plugins- Published: Nov. 11, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-35981
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects C... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-34316
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txt_mailuser and txt_mailpass parameters when updating the mail... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-11844
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into ... Read more
Affected Products : smolagents- Published: Oct. 22, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-63443
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-64368
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-64690
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes... Read more
Affected Products : youtrack- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-10749
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. T... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-64285
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-62966
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-34314
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constrain... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-12435
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting