Latest CVE Feed
-
6.9
MEDIUMCVE-2025-30060
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-30057
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-9514
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly co... Read more
Affected Products : mall- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-7955
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers t... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-7956
The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repea... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2023-7307
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit c... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: XML External Entity
-
5.3
MEDIUMCVE-2025-48327
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-48360
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-48318
Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through 1.2.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-48312
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译(WP Chinese Translation) WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-53970
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
5.9
MEDIUMCVE-2025-48314
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head allows Stored XSS. This issue affects Add Code To Head: from n/a through 1.17.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9344
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwp_profile' and 'uwp_profile_header' shortcodes in all versions up t... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
10.0
CRITICALCVE-2024-13985
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCom... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-58217
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-58194
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3.... Read more
Affected Products : bold_page_builder- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2025-58203
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
5.9
MEDIUMCVE-2025-58216
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58205
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6.... Read more
Affected Products : elementinvader_addons_for_elementor- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58198
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization