Latest CVE Feed
-
7.3
HIGHCVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.7
HIGHCVE-2025-58323
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-9591
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scr... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-9619
A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is pos... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-31979
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memor... Read more
Affected Products : xz- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-9639
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2025-49404
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-53227
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-31977
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUMCVE-2025-31972
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-7383
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
5.9
MEDIUMCVE-2025-7071
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
6.4
MEDIUMCVE-2025-8619
The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attri... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-53247
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
3.4
LOWCVE-2025-48979
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-53220
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-39246
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-8150
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on us... Read more
Affected Products : events_addon_for_elementor- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2024-48908
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has be... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection