Latest CVE Feed
-
2.4
LOWCVE-2025-36755
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to c... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-13840
The BUKAZU Search widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode' parameter of the 'bukazu_search' shortcode in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escapin... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-13843
The VigLink SpotLight By ShortCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'float' parameter of the 'spotlight' shortcode in all versions up to, and including, 1.0.a due to insufficient input sanitization and output escap... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-58770
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Inte... Read more
Affected Products : aptio_v- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
8.2
HIGHCVE-2025-10451
Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption