Latest CVE Feed
-
7.5
HIGH CVE-2025-7670
The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Injection
-
6.4
MEDIUM CVE-2025-7496
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for aut...
- Affected Products: wpc_smart_compare_for_woocommerce
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-6758
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration rol...
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Authorization
-
8.7
HIGH CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required....
- Affected Products: sante_pacs_server
- Published: Aug. 18, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Denial of Service
-
4.6
MEDIUM CVE-2025-43740
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2....
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-41685
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address....
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUM CVE-2025-54759
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie....
- Affected Products: sante_pacs_server
- Published: Aug. 18, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2025-54862
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie....
- Affected Products: sante_pacs_server
- Published: Aug. 18, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUM CVE-2025-8357
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions...
- Affected Products: media_library_assistant
- Published: Aug. 19, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Authorization
-
5.4
MEDIUM CVE-2024-55896
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system....
- Published: Jan. 03, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Authorization
-
6.1
MEDIUM CVE-2025-21457
Information disclosure while opening a fastrpc session when domain is not sanitized....
- Affected Products: ar8035_firmware qca6584au_firmware qca6698aq_firmware qca8081_firmware qca8337_firmware wcd9340_firmware fastconnect_7800_firmware qcc710_firmware qcn6224_firmware qcn6274_firmware +20 more products
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGH CVE-2025-21458
Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously....
- Affected Products: sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qca6174a_firmware +38 more products
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-21461
Memory corruption when programming registers through virtual CDM....
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-21473
Memory corruption when using Virtual cdm (Camera Data Mover) to write registers....
- Affected Products: wcd9380_firmware wsa8830_firmware wsa8835_firmware fastconnect_6900_firmware fastconnect_7800_firmware snapdragon_8_gen_1_mobile_platform_firmware wcd9380 wsa8830 wsa8835 fastconnect_6900 +2 more products
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-21474
Memory corruption while processing commands from A2dp sink command queue....
- Affected Products: qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware +80 more products
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2025-21611
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access t...
- Affected Products: tgstation-server
- Published: Jan. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Authorization
-
7.1
HIGH CVE-2025-8312
Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following version(s): * D...
- Affected Products: devolutions_server
- Published: Jul. 30, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Race Condition
-
7.8
HIGH CVE-2025-1433
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the...
- Affected Products: autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products
- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-1431
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of th...
- Affected Products: autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products
- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-1430
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....
- Affected Products: autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products
- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption