Latest CVE Feed
-
9.2
CRITICALCVE-2025-55089
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-41019
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.... Read more
Affected Products : exito- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10850
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' functio... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-10611
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerab... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products : ultimate_addons_for_wpbakery_page_builder- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting