Latest CVE Feed
-
6.5
MEDIUMCVE-2025-58838
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zakir Smooth Accordion allows Stored XSS. This issue affects Smooth Accordion: from n/a through 2.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-58829
Server-Side Request Forgery (SSRF) vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Server Side Request Forgery. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) ... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-58826
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive allows Stored XSS. This issue affects WP Publication Archive : from n/a through 3.0.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-58824
Missing Authorization vulnerability in webriti Shk Corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through 2.4.1.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58817
Missing Authorization vulnerability in DesertThemes SoftMe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through 1.1.24.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-58815
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through 2.0.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2025-58805
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58796
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dudaster Elementor Element Condition allows Stored XSS. This issue affects Elementor Element Condition: from n/a through 1.0.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
3.2
LOWCVE-2024-21977
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-58400
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-55037
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacke... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-55739
api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that insta... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-55305
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass ... Read more
Affected Products : electron- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
-
9.0
CRITICALCVE-2025-55244
Azure Bot Service Elevation of Privilege Vulnerability... Read more
Affected Products : azure_bot_service- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
-
8.2
HIGHCVE-2025-58353
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package us... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-9834
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack re... Read more
Affected Products : small_crm- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-9835
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The expl... Read more
Affected Products : mall- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-9837
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the argument studentId causes sql injection. The attack... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9838
A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9839
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Re... Read more
Affected Products : student_information_management_system- Published: Sep. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection