Latest CVE Feed
-
5.3
MEDIUMCVE-2025-12525
The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protect... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-12040
The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. Thi... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-65951
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF a... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory... Read more
Affected Products :- Published: Nov. 24, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Path Traversal