Latest CVE Feed
-
5.4
MEDIUMCVE-2025-11421
A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of... Read more
Affected Products : voting_system- Published: Oct. 08, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-53048
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network... Read more
Affected Products : peoplesoft_enterprise_peopletools- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
5.4
MEDIUMCVE-2025-34315
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOG_ADDR parameter when updating the remote syslog server... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-54760
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-26392
SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.... Read more
Affected Products : pleasanter- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-20304
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-36085
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more
- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
5.4
MEDIUMCVE-2025-11617
A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving a IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommen... Read more
Affected Products : freertos-plus-tcp- Published: Oct. 10, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-11844
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into ... Read more
Affected Products : smolagents- Published: Oct. 22, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-55758
Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-11616
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using ... Read more
Affected Products : freertos-plus-tcp- Published: Oct. 10, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-34302
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a ... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-10727
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS.This issue affects AcBakImzala: before v5.1.4.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-60982
IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belongi... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-10749
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. T... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-34314
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constrain... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62913
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Service opal-service allows Stored XSS.This issue affects Opal Service: from n/a through <= 1.9.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson WP Geo wp-geo allows Stored XSS.This issue affects WP Geo: from n/a through <= 3.5.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62894
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS.This issue affects ACF Recent Posts Widget: from n/a through <= 5.9.3.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting