Latest CVE Feed
-
6.4
MEDIUMCVE-2025-7732
The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript regis... Read more
Affected Products : lazy_load_for_videos- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-57818
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
8.4
HIGHCVE-2025-50753
Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (quotes included)... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-36729
A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell acce... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization