Latest CVE Feed
-
8.5
HIGHCVE-2025-55671
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2025-58401
Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Information Disclosure
-
10.0
CRITICALCVE-2025-54914
Azure Networking Elevation of Privilege Vulnerability... Read more
Affected Products : azure_networking- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
-
8.2
HIGHCVE-2025-58353
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package us... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58858
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Image Widget allows Stored XSS. This issue affects WPB Image Widget: from n/a through 1.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58822
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through 1.3.... Read more
Affected Products : wp_mail- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-48103
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter allows Stored XSS. This issue affects Today's Date Inserter: from n/a through 1.2.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-48105
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed allows Stored XSS. This issue affects Easy Flash Embed: from n/a through 1.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-9834
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack re... Read more
Affected Products : small_crm- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-9835
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The expl... Read more
Affected Products : mall- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-9837
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the argument studentId causes sql injection. The attack... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9838
A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9839
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Re... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9840
A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed rem... Read more
Affected Products : sports_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-21038
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-21039
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2023-21471
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.... Read more
Affected Products : android- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2023-21472
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.... Read more
Affected Products : android- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.... Read more
Affected Products : android- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
8.0
HIGHCVE-2023-21475
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.... Read more
Affected Products : android- Published: Sep. 03, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Memory Corruption