Latest CVE Feed
-
8.7
HIGHCVE-2025-8424
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.9
HIGHCVE-2025-57820
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objec... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-9277
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it pos... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-49035
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-57818
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Server-Side Request Forgery