Latest CVE Feed
-
6.1
MEDIUMCVE-2025-12334
A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch... Read more
Affected Products : e-commerce_website- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12335
A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting... Read more
Affected Products : e-commerce_website- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12450
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker... Read more
Affected Products : litespeed_cache- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-43280
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-55098
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device.... Read more
Affected Products : threadx_usbx- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-62267
Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 a... Read more
- Published: Oct. 31, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files withou... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-55097
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device.... Read more
Affected Products : threadx_usbx- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-55096
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.... Read more
- Published: Oct. 17, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-54969
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to subm... Read more
Affected Products : socet_gxp- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-10927
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS).This issue affects Plausible tracking: from 0.0.0 before 1.0.2.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61454
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitra... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61255
Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and us... Read more
Affected Products : bank_locker_management_system- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60280
Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacke... Read more
Affected Products : bang_resto- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.0
MEDIUMCVE-2025-53950
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-62592
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
6.0
MEDIUMCVE-2025-62591
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
6.0
MEDIUMCVE-2025-62522
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by s... Read more
Affected Products : vite- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do r... Read more
Affected Products : search_guard_flx- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-37149
A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption