Latest CVE Feed
-
4.3
MEDIUMCVE-2025-12582
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attac... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-61750
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ... Read more
Affected Products : peoplesoft_enterprise_peopletools- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
4.3
MEDIUMCVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.... Read more
Affected Products : rancher- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-60132
Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that ha... Read more
Affected Products : rancher- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62071
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29.... Read more
Affected Products : repuso- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62073
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-64219
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-10312
The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible ... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-11976
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missin... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-11742
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for auth... Read more
Affected Products : wpc_smart_wishlist_for_woocommerce- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-43438
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-62013
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-11895
The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmp_user_payout_detail_of_current_user() function selecting payout records solely by id without verifying ... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-5342
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-12675
The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with ... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62400
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2024-47569
A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, For... Read more
Affected Products : fortimanager fortios fortimail fortiproxy fortiweb fortitester fortivoice fortipam fortindr fortirecorder +2 more products- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-61885
Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more
Affected Products : life_sciences_inform- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
4.3
MEDIUMCVE-2025-21074
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption