Latest CVE Feed
-
6.1
MEDIUMCVE-2025-12406
The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage() function. This makes it possible for... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.9
MEDIUMCVE-2025-64342
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. I... Read more
Affected Products : esp-idf- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Denial of Service
-
3.2
LOWCVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permis... Read more
Affected Products : canva- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-8727
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Memory Corruption