Latest CVE Feed
-
6.5
MEDIUMCVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retr... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-0645
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-65100
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-13433
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The ma... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-13442
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack m... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-65103
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries.... Read more
Affected Products : openstamanager- Published: Nov. 19, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-64759
Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SV... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-13469
A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11799
The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiai_img shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output e... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11803
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsite_y shortcode and the 'before' attribute in the wpsite_postauthor shortcode in all versions up to, and including, 1.2. ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11808
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'i... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the sa... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-40210
In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang i... Read more
Affected Products : linux_kernel- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-11768
The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-11973
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level acce... Read more
Affected Products : keydatas- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-11800
The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and outp... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-11771
The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' funct... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-11765
The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_height' and 'image_width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-34320
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessi... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Path Traversal
-
9.6
CRITICALCVE-2025-10571
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.... Read more
Affected Products :- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authentication