Latest CVE Feed
-
8.9
HIGHCVE-2025-60507
Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. W... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-62695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
-
9.1
CRITICALCVE-2025-10916
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
-
8.7
HIGHCVE-2025-11949
EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.... Read more
Affected Products : easyflow_.net- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication