Latest CVE Feed
-
6.4
MEDIUM CVE-2025-8294
The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
8.8
HIGH CVE-2025-6207
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attack...
Affected Products: wp_import_export_lite
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025
-
8.8
HIGH CVE-2025-5061
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated atta...
Affected Products: wp_import_export_lite
- Published: Aug. 05, 2025
- Modified: Aug. 13, 2025
-
7.8
HIGH CVE-2025-41698
A low privileged local attacker can interact with the affected service although user-interaction should not be allowed....
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
5.5
MEDIUM CVE-2025-2810
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key....
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
4.8
MEDIUM CVE-2025-8550
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. T...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
6.3
MEDIUM CVE-2025-8549
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requiremen...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
6.3
MEDIUM CVE-2025-8548
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. ...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
6.4
MEDIUM CVE-2025-8315
The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authe...
Affected Products: wp_easy_contact
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
6.4
MEDIUM CVE-2025-8313
The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for auth...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
7.2
HIGH CVE-2025-7050
The Use-your-Drive | Google Drive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and outp...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
5.5
MEDIUM CVE-2025-8547
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remote...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
9.6
CRITICAL CVE-2025-54982
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse....
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
5.5
MEDIUM CVE-2025-8546
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the ...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
4.8
MEDIUM CVE-2025-8545
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo lead...
Affected Products: i-educar
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025
-
4.8
MEDIUM CVE-2025-8544
A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The a...
Affected Products: i-educar
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025
-
7.5
HIGH CVE-2025-54868
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored c...
Affected Products:
- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
-
4.8
MEDIUM CVE-2025-8543
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to laun...
Affected Products: i-educar
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025
-
4.8
MEDIUM CVE-2025-8542
A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scriptin...
Affected Products: i-educar
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025
-
4.8
MEDIUM CVE-2025-8541
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack ca...
Affected Products: i-educar
- Published: Aug. 05, 2025
- Modified: Aug. 12, 2025