Latest CVE Feed
-
4.8
MEDIUMCVE-2025-8700
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memor... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, vi... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Race Condition
-
4.8
MEDIUMCVE-2025-53813
The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access ... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-53811
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource a... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
4.7
MEDIUMCVE-2025-6247
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthe... Read more
Affected Products : wordpress_automatic_plugin- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Cross-Site Request Forgery