Latest CVE Feed
- 
                                
                                4.3MEDIUMCVE-2025-62021Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
 
- 
                                
                                6.5MEDIUMCVE-2025-62019Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more Affected Products : recipe_card_blocks_for_gutenberg_\&_elementor- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
 
- 
                                
                                7.6HIGHCVE-2025-62015Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons:... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                4.3MEDIUMCVE-2025-62013Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
 
- 
                                
                                4.3MEDIUMCVE-2025-62009Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Request Forgery
 
- 
                                
                                8.8HIGHCVE-2025-62008Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                8.8HIGHCVE-2025-62007Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
 
- 
                                
                                5.4MEDIUMCVE-2025-62006Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.... Read more Affected Products : wp_sms- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
 
- 
                                
                                7.1HIGHCVE-2025-62005Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Request Forgery
 
- 
                                
                                9.8CRITICALCVE-2025-60238Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                8.8HIGHCVE-2025-60234Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-60232Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                7.5HIGHCVE-2025-50951FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.... Read more Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                6.5MEDIUMCVE-2025-50949FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.... Read more Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                0.0NACVE-2025-40024In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task... Read more Affected Products : linux_kernel- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Race Condition
 
- 
                                
                                0.0NACVE-2025-40023In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already guarded by the info.skip_pcode flag) so we shoul... Read more Affected Products : linux_kernel- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                0.0NACVE-2025-40022In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit ... Read more Affected Products : linux_kernel- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cryptography
 
- 
                                
                                0.0NACVE-2025-40021In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdo... Read more Affected Products : linux_kernel- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                0.0NACVE-2025-40020In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (which is the case for PC CAN FD interfaces supported ... Read more Affected Products : linux_kernel- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                4.3MEDIUMCVE-2025-11576The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messag... Read more Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
 
                         
                         
                         
                                             
                                            