Latest CVE Feed
-
7.5
HIGHCVE-2025-12105
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message q... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-11429
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overr... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-10727
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS.This issue affects AcBakImzala: before v5.1.4.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-10355
Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f<M... Read more
Affected Products : molgenis_emx2- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-10705
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. Th... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2025-11760
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in cli... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-11976
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missin... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.4
MEDIUMCVE-2025-11897
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ the7_fancy_title_css’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and outpu... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
8.2
HIGHCVE-2025-46183
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the targ... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-5605
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in p... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
6.8
MEDIUMCVE-2025-12136
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-wit... Read more
Affected Products : wordpress_real_cookie_banner- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
4.3
MEDIUMCVE-2025-11257
The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authent... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
6.9
MEDIUMCVE-2025-62236
The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-12044
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-... Read more
Affected Products : vault- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-6980
Captive Portal can expose sensitive information... Read more
Affected Products : arista_edge_threat_management_-_arista_next_generation_firewall- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2025-6639
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignm... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-11564
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions... Read more
Affected Products : tutor_lms- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
6.8
MEDIUMCVE-2025-56438
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
8.3
HIGHCVE-2025-58078
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Path Traversal