Latest CVE Feed
-
5.4
MEDIUMCVE-2025-55072
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62907
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Custom Post Type Attachment custom-post-type-pdf-attachment allows Stored XSS.This issue affects Custom Post Type Attachment: from n/a thr... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34303
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. W... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> ... Read more
Affected Products : librechat- Published: Oct. 22, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-7374
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for ... Read more
Affected Products : jobcareer- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-34306
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP searc... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34305
IPFire versions prior to 2.29 (Core Update 198) contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml() function (/var/ipfire/header.pl) that fails to apply HTML-entity encoding to user input. When an authenti... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62178
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint... Read more
Affected Products : wegia- Published: Oct. 13, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-60299
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comm... Read more
Affected Products : novel-plus- Published: Oct. 08, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-11190
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-33110
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more
Affected Products : openpages_with_watson- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34313
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the QUOTA_USERS parameter when creating a user quota rule. When a u... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34317
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62937
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through <= 0.5.9.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-8558
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licens... Read more
Affected Products : insider_threat_management_server- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-62528
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has be... Read more
Affected Products : taguette- Published: Oct. 20, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62006
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.... Read more
Affected Products : wp_sms- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-11429
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overr... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication