Latest CVE Feed
-
6.4
MEDIUMCVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
8.8
HIGHCVE-2025-6080
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding use... Read more
Affected Products : wordpress_gym_management_system- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
8.8
HIGHCVE-2025-6079
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated att... Read more
Affected Products : school_management_system- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
8.8
HIGHCVE-2025-3671
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access ... Read more
Affected Products : wordpress_gym_management_system- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
6.6
MEDIUMCVE-2024-8393
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access an... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
7.5
HIGHCVE-2024-12612
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and ... Read more
Affected Products : school_management_system- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
8.8
HIGHCVE-2025-49895
Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
5.3
MEDIUMCVE-2024-12575
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated atta... Read more
Affected Products : poll_maker- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
7.1
HIGHCVE-2025-55284
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe comm... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
7.3
HIGHCVE-2025-55286
z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-s... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
3.1
LOWCVE-2017-20199
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The attack may be performed from a remote location. A high c... Read more
Affected Products :- Published: Aug. 16, 2025
- Modified: Aug. 18, 2025
-
5.3
MEDIUMCVE-2025-52621
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for ... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
4.3
MEDIUMCVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
5.3
MEDIUMCVE-2025-52619
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
4.3
MEDIUMCVE-2025-52618
HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
6.2
MEDIUMCVE-2025-43201
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.... Read more
Affected Products : music_classical- Published: Aug. 15, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-8959
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.... Read more
- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
5.4
MEDIUMCVE-2025-36088
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
4.8
MEDIUMCVE-2025-43490
A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.... Read more
Affected Products :- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025
-
2.6
LOWCVE-2025-55285
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more
Affected Products : backstage- Published: Aug. 15, 2025
- Modified: Aug. 18, 2025