Latest CVE Feed
-
6.5
MEDIUMCVE-2025-12926
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. Th... Read more
Affected Products : farm_management_system- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62046
Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer.This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-64262
Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0.... Read more
Affected Products : auto_prune_posts- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-53408
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Nov. 07, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-57697
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base... Read more
Affected Products : astrbot- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-63716
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification ... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-61758
Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network... Read more
Affected Products : peoplesoft_enterprise_fin_it_asset_management- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
6.5
MEDIUMCVE-2025-53412
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Nov. 07, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin... Read more
Affected Products : clipbucket- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnor... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allow... Read more
Affected Products : authlib- Published: Oct. 22, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-61194
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.... Read more
Affected Products : daicuo- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13059
A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is poss... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-61181
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.... Read more
Affected Products : daicuo- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-52865
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more
Affected Products : file_station- Published: Nov. 07, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1.... Read more
Affected Products : mulesoft_anypoint_code_builder- Published: Nov. 04, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-63718
A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-53409
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more
Affected Products : file_station- Published: Nov. 07, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-62019
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more
Affected Products : recipe_card_blocks_for_gutenberg_\&_elementor- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization