Latest CVE Feed
-
8.8
HIGHCVE-2025-6366
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile() funct... Read more
Affected Products : event_list- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-23307
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclos... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
4.4
MEDIUMCVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more
Affected Products : all-in-one_wp_migration- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2025-50753
Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (quotes included)... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-8424
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization