Latest CVE Feed
-
7.5
HIGHCVE-2025-49377
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-49376
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.... Read more
Affected Products : delucks_seo- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-49374
Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through <= 1.0.61.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-5983
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
8.3
HIGHCVE-2024-58274
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Injection
-
3.1
LOWCVE-2025-62772
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53714
In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a container_of() before the pointer check. This could cause a kernel panic. ... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53717
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a t... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53693
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in raw_gadget driver Currently, increasing raw_dev->count happens before invoke the raw_queue_event(), if the raw_queue_event() return error, invoke raw... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50557
In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() The thunderbay_add_functions() will free memory of thunderbay_funcs when everything is ok, but thunderbay_f... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50560
In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloading the meson_drm module, the aggregate device would ling... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53708
In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will ... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53711
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, becau... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53719
In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lin... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
-
0.0
NACVE-2023-53722
In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found s... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11807
The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This ma... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on out... Read more
Affected Products : welcart_e-commerce- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11809
The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting