Latest CVE Feed
-
6.5
MEDIUMCVE-2025-9651
A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be performed from a re... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-9374
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.5
MEDIUMCVE-2025-58335
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function... Read more
Affected Products : junie- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-9578
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-54734
Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-53215
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53579
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-53584
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2.... Read more
Affected Products : customer_service_software_\&_support_ticket_system- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2025-7071
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2025-58334
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2024-49790
IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more
Affected Products : watson_studio_on_cloud_pak_for_data- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
10.0
CRITICALCVE-2025-49387
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-49383
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-48363
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-48362
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-49388
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.7
HIGHCVE-2025-53588
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
7.7
HIGHCVE-2025-54029
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-53508
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to t... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-54716
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal