Latest CVE Feed
-
5.4
MEDIUMCVE-2025-12881
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs() due to missing validation on a user controlled key. This m... Read more
Affected Products : return_refund_and_exchange_for_woocommerce- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2025-11799
The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiai_img shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output e... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-13156
The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the sa... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-40210
In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang i... Read more
Affected Products : linux_kernel- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Denial of Service