Latest CVE Feed
-
8.1
HIGHCVE-2025-53244
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
2.3
LOWCVE-2025-9071
Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessa... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2025-52761
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-9590
A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated rem... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53224
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53215
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-58335
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function... Read more
Affected Products : junie- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-53508
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to t... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-53248
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through 1.2.2.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2025-5808
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-8857
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-53289
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-48363
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.5
MEDIUMCVE-2025-58061
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-9651
A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be performed from a re... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
4.7
MEDIUMCVE-2025-39245
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.... Read more
Affected Products : hikcentral_master- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-53507
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, ref... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-31977
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUMCVE-2025-25010
Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.... Read more
Affected Products : kibana- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-31971
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or ... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Server-Side Request Forgery