Latest CVE Feed
-
8.5
HIGHCVE-2025-60109
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a t... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10962
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to in... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9958
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.... Read more
Affected Products : gitlab- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-60177
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-60169
Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-60119
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10.... Read more
Affected Products : coschedule- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-9490
The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more
Affected Products : popup_maker- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-60181
Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through 0.6.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Server-Side Request Forgery
-
5.9
MEDIUMCVE-2025-60149
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Ott Notely allows Stored XSS. This issue affects Notely: from n/a through 1.8.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
3.1
LOWCVE-2025-10977
A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The comp... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-60141
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thetechtribe The Tribal allows Stored XSS. This issue affects The Tribal: from n/a through 1.3.3.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-60171
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-11015
A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restrict... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-60092
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-60118
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core allows SQL Injection. This issue affects PGS Core: from n/a through 5.9.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10987
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper a... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-60123
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-60152
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock: from n/a through 1.1.5.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-60122
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-59841
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even afte... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authentication