Latest CVE Feed
-
5.3
MEDIUMCVE-2025-11979
An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-60925
codeshare v1.0.0 was discovered to contain an information leakage vulnerability.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62524
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information dis... Read more
Affected Products : pilos- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-55342
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62884
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.0.3.... Read more
Affected Products : coupon_affiliates- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-46583
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-12353
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relyin... Read more
Affected Products :- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-13120
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public ... Read more
Affected Products : mruby- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-10694
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up ... Read more
Affected Products : userfeedback- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12921
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xml_file ... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existin... Read more
Affected Products : computer_vision_annotation_tool- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-11564
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions... Read more
Affected Products : tutor_lms- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64323
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration dat... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-12267
A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has b... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-10638
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62977
Missing Authorization vulnerability in 沃之涛 百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.3.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62897
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through <= 10.1.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-11996
The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fui_delete_image() and fui_delete_all_images() functiosn in all versions up to, and including, 1.0.7. This makes it possible fo... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-60729
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function... Read more
Affected Products : perfreeblog- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Path Traversal