Latest CVE Feed
-
6.4
MEDIUMCVE-2025-12962
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. This is due to the use of `wp_remote_get()` instead of `wp_saf... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Server-Side Request Forgery
-
5.7
MEDIUMCVE-2025-52457
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vC... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64766
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module fo... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-31361
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to ... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Authorization