Latest CVE Feed
-
5.4
MEDIUMCVE-2025-11166
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without pr... Read more
Affected Products : wp_go_maps- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.2
HIGHCVE-2025-10496
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more
Affected Products : cookie_notice_\&_consent- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39962
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticke... Read more
Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39960
In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct acpi_gpio_info"), uninitialized acpi_gpio_info struct are passed to _... Read more
Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
-
8.8
HIGHCVE-2025-10240
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session.... Read more
Affected Products : flowmon- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Cross-Site Request Forgery