Latest CVE Feed
- CVE-2025-52163 (CVSS 3.1: 6.5)
  A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7784 (CVSS 3.1: 6.5)
  A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforc...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-54076 (CVSS 3.1: 6.5)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGI...
  Affected Products: wegia
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-47995 (CVSS 3.1: 6.5)
  Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network....
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7772 (CVSS 3.1: 6.5)
  The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes ...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-6717 (CVSS 3.1: 6.5)
  The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-52168 (CVSS 3.1: 6.5)
  Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system....
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-46002 (CVSS 3.1: 6.5)
  An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint....
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-46000 (CVSS 3.1: 6.5)
  An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file....
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-52162 (CVSS 3.1: 6.5)
  agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input....
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-54077 (CVSS 3.1: 6.5)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA appli...
  Affected Products: wegia
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-6226 (CVSS 3.1: 6.5)
  Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have acc...
  Affected Products: mattermost_server
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7660 (CVSS 3.1: 6.4)
  The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attr...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7648 (CVSS 3.1: 6.4)
  The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied ...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-5752 (CVSS 3.1: 6.4)
  The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it po...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-5767 (CVSS 3.1: 6.4)
  The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible fo...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-5800 (CVSS 3.1: 6.4)
  The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for au...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-5754 (CVSS 3.1: 6.4)
  The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This...
  Affected Products: none listed
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7788 (CVSS 3.1: 6.3)
  A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulatio...
  Affected Products: xxl-job
  Published: Jul. 18, 2025
  Modified: Jul. 18, 2025
- CVE-2025-7755 (CVSS 3.1: 6.3)
  A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The ...
  Affected Products: none listed
  Published: Jul. 17, 2025
  Modified: Jul. 17, 2025