Latest CVE Feed
-
6.4
MEDIUMCVE-2025-58307
UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-58303
UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-58294
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-11972
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter... Read more
Affected Products :- Published: Nov. 08, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-66361
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.... Read more
Affected Products : siem- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-66360
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.... Read more
Affected Products : siem- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2025-66359
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.... Read more
Affected Products : siem- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-3261
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API e... Read more
Affected Products : thingsboard- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Cross-Site Scripting
-
9.9
CRITICALCVE-2025-12421
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform acco... Read more
Affected Products : mattermost_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2025-12419
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take ... Read more
Affected Products : mattermost_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/c... Read more
Affected Products : mattermost_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-13765
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.... Read more
Affected Products : devolutions_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-13758
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.... Read more
Affected Products : devolutions_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-13757
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.... Read more
Affected Products : devolutions_server- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-8890
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by ... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-13692
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more
Affected Products : unlimited_elements_for_elementor- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated atta... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-59454
In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insuf... Read more
Affected Products : cloudstack- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-59302
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. * quotaTariffCreate * quotaTariffUpdate * createSecondaryStorageSelector * updat... Read more
Affected Products : cloudstack- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-54057
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Nov. 27, 2025
- Vuln Type: Cross-Site Scripting