Latest CVE Feed
-
5.3
MEDIUMCVE-2025-63068
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Exte... Read more
Affected Products : contact_form_7_-_dynamic_text_extension- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-67567
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67485
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-62181
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is val... Read more
Affected Products : infinity- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This ob... Read more
Affected Products : kalmia- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-66033
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check... Read more
Affected Products : miniflux- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
5.2
MEDIUMCVE-2025-43393
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
5.2
MEDIUMCVE-2025-52600
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Injection
-
5.2
MEDIUMCVE-2025-43497
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.2
MEDIUMCVE-2025-57850
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-13879
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/a... Read more
Affected Products : solidserver_ipam- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-15095
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit h... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-13488
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site s... Read more
Affected Products : nexus_repository_manager- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2023-53906
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets sect... Read more
Affected Products : projectsend- Published: Dec. 17, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-14836
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation ... Read more
Affected Products : zzcms- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-65885
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-66322
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Race Condition
-
5.1
MEDIUMCVE-2025-15052
A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross site scripting. The attack is possi... Read more
Affected Products : student_information_system- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Scripting