Latest CVE Feed
-
4.8
MEDIUMCVE-2025-15202
A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be perfor... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64723
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to in... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-55063
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14841
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component d... Read more
Affected Products : dcmtk- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.jav... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64249
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.... Read more
Affected Products : protect_wp_admin- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-14801
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-68114
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow whe... Read more
Affected Products : capstone- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may ... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15372
A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is pos... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-14698
A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path traversal. The attack needs to be launched loc... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 110... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-67873
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer over... Read more
Affected Products : capstone- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-68163
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page... Read more
Affected Products : teamcity- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14244
A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scrip... Read more
Affected Products : greencms- Published: Dec. 08, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-9638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affec... Read more
Affected Products : i-educar- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-6946
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally manag... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +19 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64696
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration