Latest CVE Feed
-
5.3
MEDIUMCVE-2025-13637
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-59792
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.... Read more
Affected Products : kvrocks- Published: Nov. 28, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-66064
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.... Read more
Affected Products : rafflepress- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-66086
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13147
Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.... Read more
Affected Products : moveit_transfer- Published: Nov. 19, 2025
- Modified: Nov. 24, 2025
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2025-20755
In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User i... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-20757
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-13386
The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options_update' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13381
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it pos... Read more
Affected Products : chatgpt_assistant- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-66121
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through <= 1.5.8.... Read more
Affected Products : security_optimizer- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and re... Read more
- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64898
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized acces... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-64483
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollm... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-67573
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12525
The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protect... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-29934
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-13318
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` funct... Read more
Affected Products : booking_calendar- Published: Nov. 22, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12877
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including... Read more
Affected Products : idonate- Published: Nov. 22, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14517
A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locall... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration