Latest CVE Feed
-
4.8
MEDIUMCVE-2025-15188
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scrip... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64724
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious c... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-64723
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to in... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15203
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiat... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-0642
A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launch... Read more
Affected Products : house_rental_and_property_listing- Published: Jan. 07, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15149
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product P... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-55062
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.jav... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more
Affected Products : vaadin- Published: Jan. 05, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64249
Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.... Read more
Affected Products : protect_wp_admin- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-64696
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-15204
A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is poss... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.... Read more
- Published: Dec. 17, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-14702
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit h... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-55064
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-63010
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Server-Side Request Forgery
-
4.8
MEDIUMCVE-2025-11775
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects... Read more
Affected Products : armoury_crate- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-9638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affec... Read more
Affected Products : i-educar- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting