Latest CVE Feed
-
5.3
MEDIUMCVE-2023-37749
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12350
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthentic... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-22168
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62778
Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.... Read more
Affected Products : learning- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-20732
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User ... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-61795
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately bu... Read more
Affected Products : tomcat- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-12815
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodi... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-12787
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhb_meeting_form_submit_callback" function us... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-12788
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-con... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-34246
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosur... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.... Read more
Affected Products : mbed_tls- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62018
Missing Authorization vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-60925
codeshare v1.0.0 was discovered to contain an information leakage vulnerability.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64319
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1... Read more
Affected Products : mulesoft_anypoint_code_builder- Published: Nov. 04, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-47912
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http... Read more
Affected Products : go- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-54547
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired... Read more
Affected Products : danz_monitoring_fabric- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-55342
Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-58189
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.... Read more
Affected Products : go- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
5.2
MEDIUMCVE-2025-58712
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration
-
5.2
MEDIUMCVE-2025-54983
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration