Latest CVE Feed
-
3.5
LOWCVE-2025-3650
The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10393
A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be car... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-10441
A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os comma... Read more
Affected Products : di-8200g_firmware- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-10395
A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is poss... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
4.8
MEDIUMCVE-2025-10434
A vulnerability was identified in IbuyuCMS up to 2.6.3. Impacted is an unknown function of the file /admin/article.php?a=mod of the component Add Article Page. The manipulation of the argument Title leads to cross site scripting. The attack is possible to... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2025-10397
A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit i... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
6.9
MEDIUMCVE-2025-10453
O'View MapServer developed by PilotGaea Technologies has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
9.8
CRITICALCVE-2025-10265
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-8280
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-59359
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50234
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is t... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50239
In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory: [ 9.068287] Unable to handle kernel write to read-... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39795
In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size ... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redir... Read more
- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50242
In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp needs to be freed.... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-9086
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with j... Read more
Affected Products : curl- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39793
In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflow... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50243
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(), the active_key is actually not updated. The old sh_ke... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-4235
An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by e... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-59361
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection