Latest CVE Feed
-
5.3
MEDIUMCVE-2025-20384
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT s... Read more
Affected Products : computer_vision_annotation_tool- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-14958
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-62735
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.... Read more
Affected Products : user_spam_remover- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-65105
Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> whic... Read more
Affected Products : apptainer- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads ... Read more
Affected Products : proxygen- Published: Dec. 02, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-62100
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13414
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash_watch_for_export() function in all versions up to, and including, 3.3.11. This makes it possible for una... Read more
Affected Products : chamber_dashboard_business_directory- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12525
The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protect... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-68556
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62865
Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through <= 1.0.0.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This ... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63054
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13404
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authentica... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13405
The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptb_delete_custom_taxonomy() function in all versions up to, and including, 1.9. This makes it possible f... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12721
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-13358
The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the `Setti... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63009
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a throug... Read more
Affected Products : wp_google_analytics_events- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-13666
The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. ... Read more
Affected Products : helloprint- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization