Latest CVE Feed
-
4.3
MEDIUMCVE-2025-9374
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated at... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.4
MEDIUMCVE-2025-53250
Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat allows Server Side Request Forgery. This issue affects Chartbeat: from n/a through 2.0.7.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
5.5
MEDIUMCVE-2025-9650
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads t... Read more
Affected Products : carrental- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
3.4
LOWCVE-2025-48979
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-9590
A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated rem... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2024-49790
IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre... Read more
Affected Products : watson_studio_on_cloud_pak_for_data- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-8147
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, w... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
7.7
HIGHCVE-2025-54029
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-9217
The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and ... Read more
Affected Products : slider_revolution- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
4.0
MEDIUMCVE-2025-54142
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin serv... Read more
Affected Products : akamaighost- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-49407
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.... Read more
Affected Products : houzez- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cryptography
-
7.7
HIGHCVE-2025-53588
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-55750
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bit... Read more
Affected Products : gitpod- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-8857
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-4644
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-8290
The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-53247
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-54725
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.... Read more
Affected Products : golo- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-54716
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Path Traversal