Latest CVE Feed
-
6.4
MEDIUMCVE-2025-9131
The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-7827
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-9398
A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be in... Read more
Affected Products : yifang- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGHCVE-2025-51281
D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long va... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Denial of Service
-
7.2
HIGHCVE-2025-29523
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Injection