Latest CVE Feed
-
5.6
MEDIUMCVE-2025-2939
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauth... Read more
Affected Products : ninja_tables- Published: Jun. 03, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-4857
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include an... Read more
Affected Products : newsletters- Published: May. 31, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-4691
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation o... Read more
Affected Products : free_booking_plugin_for_hotels\,_restaurant_and_car_rental- Published: May. 31, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-3430
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more
Affected Products : 3dprint_lite- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-3429
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more
Affected Products : 3dprint_lite- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-3428
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist... Read more
Affected Products : 3dprint_lite- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-3427
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi... Read more
Affected Products : 3dprint_lite- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-7363
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowin... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-7362
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. ... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-6019
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the u... Read more
- Published: Jun. 19, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-53479
The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override me... Read more
Affected Products :- Published: Jul. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-32722
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-32721
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +4 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32718
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32716
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +7 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32714
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-32713
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-32712
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption