Latest CVE Feed
-
5.3
MEDIUMCVE-2025-11449
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially cr... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-62241
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _c... Read more
Affected Products : dxp- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-11171
The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-cl... Read more
Affected Products : chartify- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-10705
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. Th... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2025-11439
A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has b... Read more
Affected Products : opnform- Published: Oct. 08, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-46583
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2023-37749
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-34272
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being ... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-62396
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-11701
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the za_create_zip_callback function in all versions up to, and including, 1.6. This makes ... Read more
Affected Products : zip_attachments- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62062
Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through <= 1.7.0.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-11703
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. Th... Read more
Affected Products : wp_go_maps- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-10750
The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible vi... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2023-37401
IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-11692
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attacke... Read more
Affected Products : zip_attachments- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-10008
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clean_options' function in all versions up to, and including, 5.1. This makes it possible for un... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62672
rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-22174
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-56009
Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.... Read more
Affected Products : keeneticos- Published: Oct. 23, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-11979
An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption