Latest CVE Feed
-
6.4
MEDIUMCVE-2025-11808
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'i... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
1.9
LOWCVE-2025-13425
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) i... Read more
Affected Products : osv-scalibr- Published: Nov. 20, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-11768
The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-11973
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level acce... Read more
Affected Products : keydatas- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Path Traversal