Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-58597

    Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 5.9

    MEDIUM
    CVE-2025-58596

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2025-58594

    Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-58593

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.2

    MEDIUM
    CVE-2025-58460

    A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-58459

    Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2025-58458

    In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read p... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-57151

    phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-57150

    phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-57149

    phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-57148

    phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2025-57147

    A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-57146

    phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-57052

    cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing al... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2025-56608

    The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cry... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cryptography
  • 5.5

    MEDIUM
    CVE-2025-9822

    SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credential... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure
  • 8.6

    HIGH
    CVE-2025-47421

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted S... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2025-2416

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-26210

    An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2025-0878

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS).This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292199 Results