Latest CVE Feed
-
5.3
MEDIUMCVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malici... Read more
Affected Products : curl- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-10288
A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate ... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-9881
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-9880
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attac... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command inject... Read more
Affected Products : phoniebox- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redir... Read more
- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-10210
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The ... Read more
Affected Products : chancms- Published: Sep. 10, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack... Read more
Affected Products : chancms- Published: Sep. 10, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
7.8
HIGHCVE-2025-9275
Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction... Read more
Affected Products : imaris_viewer- Published: Sep. 02, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-9274
Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interacti... Read more
Affected Products : imaris_viewer- Published: Sep. 02, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-8627
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.... Read more
- Published: Aug. 25, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more
Affected Products : wpbot- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-54242
Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-54256
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.4
MEDIUMCVE-2025-54255
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-54257
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-58795
Missing Authorization vulnerability in Payoneer Inc. Payoneer Checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through 3.4.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-52161
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.... Read more
Affected Products : weblication_cms- Published: Sep. 08, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-55998
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.... Read more
Affected Products : smart_search_and_filter- Published: Sep. 08, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-57141
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.... Read more
Affected Products : ruisibi- Published: Sep. 08, 2025
- Modified: Sep. 12, 2025