Latest CVE Feed
-
4.8
MEDIUMCVE-2025-9416
A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from... Read more
Affected Products : samarium- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-5821
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_logi... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTM... Read more
Affected Products : lunary- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
2.5
LOWCVE-2025-9383
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. T... Read more
Affected Products :- Published: Aug. 24, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2025-5060
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_ca... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication