Latest CVE Feed
-
5.3
MEDIUMCVE-2025-13636
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-14080
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX ... Read more
Affected Products : frontend_post_submission_manager- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14633
The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'file_download' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Dec. 20, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14531
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. T... Read more
Affected Products : rental_management_system- Published: Dec. 11, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-14874
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.... Read more
Affected Products : nodemailer- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-66129
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12876
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possibl... Read more
Affected Products : projectopia- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13358
The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the `Setti... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66125
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2.... Read more
Affected Products : ultimate_wordpress_auction_plugin- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64632
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21.... Read more
Affected Products : google_xml_sitemaps- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12809
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticat... Read more
Affected Products : dokan_pro_plugin- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64763
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to ... Read more
Affected Products : envoy- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-66126
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-58052
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role... Read more
Affected Products : galette- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X... Read more
Affected Products : cpp-httplib- Published: Dec. 05, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-20384
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-67168
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.... Read more
Affected Products : ritecms- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-62126
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62755
Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63054
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization