Latest CVE Feed
-
7.5
HIGHCVE-2025-11501
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60557
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60558
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60547
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60565
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61220
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-10862
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parame... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62171
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerabili... Read more
Affected Products : imagemagick- Published: Oct. 17, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-62022
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.... Read more
Affected Products : buddypress- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the fac... Read more
Affected Products : openbao- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-52634
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-52630
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-52632
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-52625
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11177
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-8416
The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient pr... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2025-11722
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-9322
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escapin... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62902
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.... Read more
Affected Products : wp_popup_builder- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Information Disclosure