Latest CVE Feed
-
6.5
MEDIUMCVE-2025-11041
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible... Read more
Affected Products : open_source_job_portal- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-11094
A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument prod_id leads to sql injection. The attack may be launched rem... Read more
Affected Products : e-commerce_website- Published: Sep. 28, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2025-10504
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2024-57412
An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets.... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name.... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-10954
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime ... Read more
Affected Products :- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-11050
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may b... Read more
Affected Products : i-educar- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-59939
WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. I... Read more
Affected Products : wegia- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11047
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit ha... Read more
Affected Products : i-educar- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11046
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can b... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-11057
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/print_inv.php. Such manipulation of the argument ID leads to sql injection. The attack can be ex... Read more
Affected Products : pet_grooming_management_software- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-43192
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more
Affected Products :- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-59938
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel mes... Read more
Affected Products : wazuh- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-9896
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.8
MEDIUMCVE-2025-57876
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary Ja... Read more
Affected Products : portal_for_arcgis- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-11026
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. Th... Read more
Affected Products : vvveb- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-9898
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possibl... Read more
Affected Products :- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.8
MEDIUMCVE-2025-57871
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the bro... Read more
Affected Products : portal_for_arcgis- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.2
HIGHCVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.9
MEDIUMCVE-2025-59843
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The problem has been patched in FlagForge version 2.3.1. The fix removes emai... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure