Latest CVE Feed
-
4.3
MEDIUMCVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior t... Read more
Affected Products : mastodon- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-11757
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-62701
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
-
4.3
MEDIUMCVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impers... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-62695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025