Latest CVE Feed
-
5.3
MEDIUMCVE-2025-12289
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipula... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-22170
Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12891
The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated a... Read more
Affected Products : survey_maker- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-34241
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possibl... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-20734
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-54330
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-42919
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in... Read more
Affected Products : netweaver_application_server_java- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-12440
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chr... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62784
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication w... Read more
Affected Products : inventorygui- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-55342
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-22174
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-49380
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-62483
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-12157
The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12788
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-con... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-12041
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to d... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62884
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.0.3.... Read more
Affected Products : coupon_affiliates- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64176
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a b... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-11072
The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal