Latest CVE Feed
-
6.4
MEDIUMCVE-2025-8603
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.148 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : unlimited_elements_for_elementor- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-58217
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-58213
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.0
MEDIUMCVE-2025-20262
A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a cra... Read more
Affected Products : nx-os- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
9.6
CRITICALCVE-2025-43728
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-9528
A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launch... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-30063
The configuration file containing database logins and passwords is readable by any local user.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
6.3
MEDIUMCVE-2025-9514
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly co... Read more
Affected Products : mall- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2025-30057
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-30060
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2021-4459
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
6.0
MEDIUMCVE-2025-20295
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device... Read more
Affected Products : unified_computing_system- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-58202
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.... Read more
Affected Products : simple_page_access_restriction- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.7
HIGHCVE-2024-13982
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[ur... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
10.0
CRITICALCVE-2024-13984
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoi... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-9352
The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authent... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-9648
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WP_Ulike_Pro_File_Uploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attacker... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-48316
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ItayXD Responsive Mobile-Friendly Tooltip allows Stored XSS. This issue affects Responsive Mobile-Friendly Tooltip: from n/a through 1.6.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-48320
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery