Latest CVE Feed
-
4.3
MEDIUMCVE-2025-11369
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-12782
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This mak... Read more
Affected Products : beaver_builder- Published: Dec. 04, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-13653
In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileg... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-67715
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue.... Read more
Affected Products : weblate- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-12756
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other... Read more
Affected Products : mattermost_server- Published: Dec. 01, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-6195
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration cond... Read more
Affected Products : gitlab- Published: Nov. 26, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-11726
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespa... Read more
Affected Products : beaver_builder- Published: Dec. 02, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-13129
Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025.... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-13870
Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the... Read more
Affected Products : mattermost_server- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-63738
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.... Read more
Affected Products : rockoa- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-64240
Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected proces... Read more
- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-13363
The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthentica... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-13140
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes i... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-13354
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perf... Read more
Affected Products : taxopress- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/c... Read more
Affected Products : mattermost_server- Published: Nov. 27, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-11247
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing speci... Read more
Affected Products : gitlab- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-12783
The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for auth... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak oc... Read more
Affected Products : classroomio- Published: Nov. 26, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure