Latest CVE Feed
-
7.7
HIGHCVE-2025-53588
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-49388
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
10.0
CRITICALCVE-2025-49387
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-54724
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.... Read more
Affected Products : golo- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-49383
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-48363
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-9585
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried ... Read more
Affected Products : cf-n1_firmware- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-54995
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. Th... Read more
Affected Products : asterisk- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
8.1
HIGHCVE-2025-53572
Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object Injection. This issue affects WP Easy Contact: from n/a through 4.0.1.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-53247
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-54710
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-40927
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect un... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
2.3
LOWCVE-2025-9071
Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessa... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2024-13342
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attac... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
5.9
MEDIUMCVE-2025-7071
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
6.4
MEDIUMCVE-2025-8619
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attri... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2025-39245
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.... Read more
Affected Products : hikcentral_master- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server pa... Read more
Affected Products : volto- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-53328
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage allows PHP Local File Inclusion. This issue affects Poll, Survey & Quiz ... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2024-49790
IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more
Affected Products : watson_studio_on_cloud_pak_for_data- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting