Latest CVE Feed
-
8.7
HIGHCVE-2025-58072
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-48327
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-58081
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-48348
Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Offline: from n/a through 1.5.7.... Read more
Affected Products : site_offline- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-48351
Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery