Latest CVE Feed
-
3.1
LOWCVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remo... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-15098
A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to... Read more
Affected Products : yudao-cloud- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
9.3
CRITICALCVE-2025-13158
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potenti... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and includin... Read more
Affected Products : frontend_post_submission_manager- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization