Latest CVE Feed
-
0.0
NACVE-2023-53318
In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
-
8.8
HIGHCVE-2025-10589
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-9818
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the in... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-9629
The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_page function when processing the uss_set form type. This m... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
0.0
NACVE-2023-53322
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Current code allows terminate_rport_io to exit before making sure all IOs has returned. For FCP-... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2025-10125
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more
Affected Products : memberlite_shortcodes- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53323
In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2_setsize when len is page aligned PAGE_ALIGN(x) macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply retur... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-8394
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_productive_breadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9565
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user... Read more
Affected Products : blocksy_companion- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-10188
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulk_remove() function. This makes it possi... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2025-8153
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53319
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm Currently there is no synchronisation between finalize_pkvm() and kvm_arm_init() initcalls. The finalize_pkvm() procee... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-43804
Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_searc... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.6
MEDIUMCVE-2025-10050
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level a... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2025-37131
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive informatio... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-10166
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catch_dark_mode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to i... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2025-10155
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file e... Read more
Affected Products : picklescan- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-10058
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it poss... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-37130
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal