Latest CVE Feed
-
4.3
MEDIUMCVE-2025-58599
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-0280
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-36193
IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.... Read more
Affected Products : transformation_advisor- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2022-39888
Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58597
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.... Read more
Affected Products : wpforo_forum- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58637
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-58600
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.... Read more
Affected Products : paid_membership_subscriptions- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58358
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an a... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-58623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-58635
Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
7.6
HIGHCVE-2025-58604
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2025-58631
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-58644
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-58608
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-58620
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
9.6
CRITICALCVE-2025-58357
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prom... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
7.7
HIGHCVE-2025-58355
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.... Read more
Affected Products : soft_serve- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-9377
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both prod... Read more
Affected Products : archer_c7_firmware tl-wr841n_firmware tl-wr841n archer_c7 tl-wr841nd_firmware tl-wr841nd- Actively Exploited
- Published: Aug. 29, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-57811
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293.... Read more
Affected Products : craft_cms- Published: Aug. 25, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-8447
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vuln... Read more
Affected Products : enterprise_server- Published: Aug. 26, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization