Latest CVE Feed
-
4.9
MEDIUMCVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths... Read more
Affected Products : import_wp- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2025-53069
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... Read more
Affected Products : mysql_server- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
4.8
MEDIUMCVE-2025-62367
Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12279
A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been dis... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-54856
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses ... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-62499
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the use... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-59501
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.... Read more
- Published: Oct. 31, 2025
- Modified: Nov. 05, 2025
-
4.8
MEDIUMCVE-2025-12282
A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit i... Read more
- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-20289
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products : identity_services_engine- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-62412
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.... Read more
Affected Products : librenms- Published: Oct. 16, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12311
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be la... Read more
Affected Products : curfew_e-pass_management_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12312
A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotel... Read more
Affected Products : curfew_e-pass_management_system- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12230
A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to in... Read more
Affected Products : expense_management_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-62237
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12229
A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be pe... Read more
Affected Products : expense_management_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12330
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The atta... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-12228
A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is po... Read more
Affected Products : expense_management_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-62244
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows re... Read more
- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-9980
QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin us... Read more
Affected Products : quick.cms- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting