Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.5

    CVSS31
    CVE-2025-52163

    A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-7784

    A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforc... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-54076

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGI... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-47995

    Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-7772

    The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-6717

    The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-52168

    Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-46002

    An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-46000

    An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-52162

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-54077

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA appli... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-6226

    Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have acc... Read more

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-7660

    The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-7648

    The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-5752

    The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-5767

    The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-5800

    The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for au... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.4

    CVSS31
    CVE-2025-5754

    The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.3

    CVSS31
    CVE-2025-7788

    A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulatio... Read more

    Affected Products : xxl-job
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.3

    CVSS31
    CVE-2025-7755

    A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The ... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
Showing 20 of 192 Results
© cvefeed.io
Latest DB Update: Jul. 18, 2025 23:16