Latest CVE Feed
-
6.4
MEDIUMCVE-2025-12691
The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and ou... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Cross-Site Scripting
-
3.2
LOWCVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permis... Read more
Affected Products : canva- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-12406
The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage() function. This makes it possible for... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-13319
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the att... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection