Latest CVE Feed
-
6.5
MEDIUMCVE-2025-10175
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que... Read more
Affected Products : wp_links_page- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version... Read more
Affected Products : swagger_petstore- Published: Sep. 25, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-43905
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through ... Read more
Affected Products : data_domain_operating_system- Published: Oct. 07, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-43913
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through ... Read more
Affected Products : data_domain_operating_system- Published: Oct. 07, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUM- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
6.5
MEDIUMCVE-2025-10124
The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.... Read more
Affected Products : booking_manager- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-37135
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-37148
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-61181
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.... Read more
Affected Products : daicuo- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-61194
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.... Read more
Affected Products : daicuo- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-49901
Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-57305
VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.... Read more
Affected Products : vitaracharts- Published: Oct. 02, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-58717
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
6.5
MEDIUMCVE-2025-60268
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would le... Read more
Affected Products : jeewms- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplyin... Read more
Affected Products : parse_javascript_sdk- Published: Sep. 24, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.p... Read more
Affected Products : json-schema-editor-visual- Published: Sep. 24, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-62386
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62389
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11623
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-62383
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more
Affected Products : endpoint_manager- Published: Oct. 13, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Injection