Latest CVE Feed
-
5.4
MEDIUMCVE-2025-57946
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS allows Cross Site Request Forgery. This issue affects payOS: from n/a through 1.0.61.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.6
MEDIUMCVE-2025-8079
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2025-9540
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2025-0875
Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): bef... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
8.6
HIGHCVE-2025-10009
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-9035
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies Ind. And Trade Inc. Virtual Library Platform allows Reflected XSS.This issue affects Virtual Library Platform: before... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-10854
The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. ... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-59418
BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from op... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-53454
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail allows Stored XSS. This issue affects Ultimate WP Mail: from n/a through 1.3.8.... Read more
Affected Products : ultimate_wp_mail- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-53570
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.7.0.... Read more
Affected Products : delucks_seo- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-57939
Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.4.... Read more
Affected Products : image_hover_effects- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-57921
Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2.... Read more
Affected Products : frontend_file_manager- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-57920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CK MacLeod Category Featured Images Extended allows Stored XSS. This issue affects Category Featured Images Extended: from n/a through 1.52.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-57918
Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-57911
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-57910
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-57979
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson AuthorSure allows Stored XSS. This issue affects AuthorSure: from n/a through 2.3.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-57944
Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-57908
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-57906
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 2.0.2.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting