Latest CVE Feed
-
6.1
MEDIUMCVE-2025-59981
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enabl... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59991
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the at... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59993
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the ... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60001
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the atta... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-11198
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates depl... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-59976
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker ... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-59958
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availab... Read more
Affected Products : junos_os_evolved- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-59964
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is ... Read more
Affected Products : junos- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
9.0
HIGHCVE-2025-11653
A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has ... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2025-31992
HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.... Read more
Affected Products :- Published: Oct. 12, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-8593
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticat... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2025-10190
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-6553
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attacke... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
2.4
LOWCVE-2025-11645
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possibl... Read more
Affected Products :- Published: Oct. 12, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-9560
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to insufficient input sanitization and output escaping on user suppl... Read more
Affected Products : colibri_page_builder- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-59530
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a p... Read more
Affected Products : quic-go- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
2.4
LOWCVE-2025-8606
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions.... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.7
MEDIUMCVE-2025-11167
The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6. This is due to insufficient validation on the redirect url supplied ... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-9196
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on in... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-10185
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nf_load_form_entries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user su... Read more
Affected Products : nex-forms- Published: Oct. 11, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection