Latest CVE Feed
-
6.4
MEDIUMCVE-2025-8394
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_productive_breadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-9891
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mo_user_sync_form_handler() function. This makes it ... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.3
CRITICALCVE-2025-10155
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file e... Read more
Affected Products : picklescan- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-9565
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksy_newsletter_subscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user... Read more
Affected Products : blocksy_companion- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-8153
Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
9.6
CRITICALCVE-2025-59334
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitr... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-10166
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catch_dark_mode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to i... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
6.6
MEDIUMCVE-2025-10050
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level a... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-43804
Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_searc... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2009-20006
osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthentic... Read more
Affected Products : oscommerce- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-37131
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive informatio... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-37130
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2025-56557
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-56263
by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-54391
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (either ... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-43805
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which allows... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-9447
An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-9449
A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-9450
A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption