Latest CVE Feed
-
5.1
MEDIUMCVE-2025-4495
A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack ca... Read more
Affected Products :- Published: May. 10, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-2944
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products : jeg_elementor_kit- Published: May. 10, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-37869
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locally generated fence and then return. The code is waiting on ... Read more
Affected Products : linux_kernel- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-37871
In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 ... Read more
Affected Products : linux_kernel- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-37875
In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' a... Read more
Affected Products : linux_kernel- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-37879
In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/re... Read more
Affected Products : linux_kernel- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 o... Read more
Affected Products :- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-46749
An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2025-46746
An administrator could discover another account's credentials.... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Information Disclosure
-
2.7
LOWCVE-2025-46744
An authenticated administrator could modify the Created By username for a user account... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-46742
Users who were required to change their password could still access system information before changing their password... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2025-46741
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-47578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through 0.3.8.... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.6
MEDIUMCVE-2025-46738
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
2.4
LOWCVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the ru... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-40627
Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data,... Read more
Affected Products : abantecart- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-40626
Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data,... Read more
Affected Products : abantecart- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-47271
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor cou... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-47270
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncon... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Denial of Service
-
2.1
LOWCVE-2025-46729
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v_20230807 and prior to v_20250511, cross-site scripting... Read more
Affected Products :- Published: May. 12, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting