Latest CVE Feed
-
5.9
MEDIUMCVE-2025-58810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jimmywb Simple Link List Widget allows Stored XSS. This issue affects Simple Link List Widget: from n/a through 0.3.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-58806
Cross-Site Request Forgery (CSRF) vulnerability in imjoehaines WordPress Error Monitoring by Bugsnag allows Stored XSS. This issue affects WordPress Error Monitoring by Bugsnag: from n/a through 1.6.3.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-49401
Deserialization of Untrusted Data vulnerability in ExpressTech Systems Quiz And Survey Master allows Object Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-41408
Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the us... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
10.0
CRITICALCVE-2025-54914
Azure Networking Elevation of Privilege Vulnerability... Read more
Affected Products : azure_networking- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
-
8.2
HIGHCVE-2025-58353
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package us... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-58853
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light allows Reflected XSS. This issue affects Popping Sidebars and Widgets Light: from n/a through 1.27.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-58852
Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager allows Stored XSS. This issue affects MSTW League Manager: from n/a through 2.10.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.9
MEDIUMCVE-2025-48102
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid ... Read more
Affected Products : gourl- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-58794
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through 3.4.6.... Read more
Affected Products : notification_for_telegram- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-58790
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi allows Stored XSS. This issue affects Kiwi: from n/a through 2.1.8.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53307
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brent Jett Assistant allows Reflected XSS. This issue affects Assistant: from n/a through 1.5.2.... Read more
Affected Products : assistant- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-58846
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post,... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-48104
Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows Stored XSS. This issue affects Floating Window Music Player: from n/a through 3.4.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.1
HIGHCVE-2025-58206
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through 3.2.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Path Traversal
-
5.9
MEDIUMCVE-2025-58883
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Harris Search Cloud One allows Stored XSS. This issue affects Search Cloud One: from n/a through 2.2.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-57889
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery allows PHP Local File Inclusion. This issue affects InPost Gallery: from n/a through 2.1.4.5.... Read more
Affected Products : inpost_gallery- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Path Traversal
-
7.6
HIGHCVE-2025-9999
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-58814
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ram Ratan Maurya Stagtools allows Stored XSS. This issue affects Stagtools: from n/a through 2.3.8.... Read more
Affected Products : stagtools- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows Stored XSS. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.3.... Read more
Affected Products : great_restaurant_menu_wp- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting