Latest CVE Feed
-
4.3
MEDIUMCVE-2025-8682
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated ... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
8.2
HIGHCVE-2025-23309
NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-23280
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information ... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
5.8
MEDIUMCVE-2025-11655
A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be i... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-9496
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file_modified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied att... Read more
Affected Products : enable_media_replace- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10175
The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que... Read more
Affected Products : wp_links_page- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-31994
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the sc... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
4.6
MEDIUMCVE-2025-62239
Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated at... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-11594
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Su... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 thro... Read more
Affected Products : external_secrets_operator- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-9950
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level acce... Read more
Affected Products : error_log_viewer- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-11628
A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument produc... Read more
Affected Products :- Published: Oct. 12, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-6553
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attacke... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-11626
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service... Read more
Affected Products : wireshark- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
9.0
HIGHCVE-2025-11651
A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-61689
HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-8886
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authen... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-8484
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained ... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-9626
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This makes it possible for... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Request Forgery