Latest CVE Feed
-
4.3
MEDIUMCVE-2025-58597
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-58596
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-58594
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-58593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read p... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-57151
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-57150
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-57149
phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-57147
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-57146
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing al... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-56608
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cry... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cryptography
-
5.5
MEDIUMCVE-2025-9822
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credential... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-47421
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted S... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-2416
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-26210
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2025-0878
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS).This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting