Latest CVE Feed
-
6.5
MEDIUMCVE-2025-9411
A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The a... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-6737
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-43769
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to exec... Read more
- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-7828
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authentic... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-7839
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() funct... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Request Forgery