Latest CVE Feed
-
4.9
MEDIUMCVE-2025-13090
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing ... Read more
Affected Products : wp_directory_kit- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.0
CRITICALCVE-2025-13828
SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install ... Read more
Affected Products : mautic- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.... Read more
Affected Products : mautic- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-13724
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more
Affected Products : vikrentcar- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-41742
Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access an... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cryptography