Latest CVE Feed
-
4.3
MEDIUMCVE-2025-58594
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.... Read more
Affected Products : brizy- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-58602
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through ... Read more
Affected Products : dynamic_content_personalization- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-2411
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
7.7
HIGHCVE-2024-34598
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-58643
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-58642
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2025-58596
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.... Read more
Affected Products : mailoptin- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-9937
A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been relea... Read more
Affected Products : eladmin- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-9518
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Admi... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-58617
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58637
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-58597
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.... Read more
Affected Products : wpforo_forum- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-58626
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-43772
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume... Read more
- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-20335
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerabi... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-20336
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vu... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-9936
A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is p... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
6.6
MEDIUMCVE-2025-58598
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-58610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-8268
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated ... Read more
Affected Products : ai_engine- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization