Latest CVE Feed
-
5.3
MEDIUMCVE-2025-42897
Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application ... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64407
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit syste... Read more
Affected Products : openoffice- Published: Nov. 12, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2024-45301
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can speci... Read more
Affected Products : mintty- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-64710
Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that c... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-12891
The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated a... Read more
Affected Products : survey_maker- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12681
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment' function. This makes it possible for unauthenticated attackers to ex... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-11260
The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin only checking for the existence of the Authorization header in a request when determining... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-62970
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.8.8.... Read more
Affected Products : link_whisper_free- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-11237
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-57931
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4.... Read more
Affected Products : popup_box- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-12788
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-con... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-7700
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control,... Read more
Affected Products : ffmpeg- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-62396
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-12350
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthentic... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12621
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes i... Read more
Affected Products :- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12098
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueue_social_login_script' function. This makes it possible ... Read more
Affected Products :- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-33150
IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages.... Read more
Affected Products : cognos_analytics- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-12536
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_tr... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-58243
Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization