Latest CVE Feed
-
6.5
MEDIUMCVE-2025-58002
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD bbPress Tools allows DOM-Based XSS. This issue affects GD bbPress Tools: from n/a through 3.5.3.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-59535
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not u... Read more
Affected Products : dotnetnuke- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-59549
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0.... Read more
Affected Products : getresponse_forms- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-59587
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-58655
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mattia Roccoberton Category Featured Images allows Stored XSS. This issue affects Category Featured Images: from n/a through 1.1.8.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-58656
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-58662
Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection. This issue affects Awesome Support: from n/a through 6.3.4.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-58666
Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a through 1.3.1.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-7988
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to expl... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7987
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to expl... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7986
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to expl... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7983
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required ... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7981
Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to e... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7980
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to expl... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7979
Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7978
Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to e... Read more
Affected Products : graphite- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7985
Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit thi... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7984
Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploi... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7982
Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-7977
Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit th... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption