Latest CVE Feed
-
6.5
MEDIUMCVE-2025-55750
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bit... Read more
Affected Products : gitpod- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-8150
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on us... Read more
Affected Products : events_addon_for_elementor- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-8861
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-58334
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server pa... Read more
Affected Products : volto- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service