Latest CVE Feed
-
4.3
MEDIUMCVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-11257
The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authent... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior t... Read more
Affected Products : mastodon- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-10376
The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it pos... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-62070
Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-47569
A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, For... Read more
Affected Products : fortimanager fortios fortimail fortiproxy fortiweb fortitester fortivoice fortipam fortindr fortirecorder +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-11519
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API en... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-6680
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, t... Read more
Affected Products : tutor_lms- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-61906
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accide... Read more
Affected Products : opencast- Published: Oct. 08, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-62071
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.... Read more
Affected Products : repuso- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-9626
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This makes it possible for... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-54822
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62009
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-58581
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of t... Read more
Affected Products :- Published: Oct. 06, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-62595
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain ci... Read more
Affected Products : koa- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Server-Side Request Forgery
-
4.3
MEDIUMCVE-2025-11975
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_changes() functi... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-64358
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-11742
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for auth... Read more
Affected Products : wpc_smart_wishlist_for_woocommerce- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-52614
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-11510
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and includin... Read more
Affected Products : filebird- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization