Latest CVE Feed
-
6.4
MEDIUMCVE-2025-9131
The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization che... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-43765
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote no... Read more
- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-7821
The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticate... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-9400
A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible.... Read more
Affected Products : yifang- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Misconfiguration