Latest CVE Feed
-
4.8
MEDIUMCVE-2025-53811
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource a... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-57805
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-5931
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff ... Read more
Affected Products : dokan_pro_plugin- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-57814
request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are cor... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Server-Side Request Forgery
-
4.8
MEDIUMCVE-2025-9190
The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource acces... Read more
Affected Products : cursor- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-53419
Delta Electronics COMMGR has Code Injection vulnerability.... Read more
Affected Products : commgr- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-9172
The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Injection
-
4.7
MEDIUMCVE-2025-6247
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthe... Read more
Affected Products : wordpress_automatic_plugin- Published: Aug. 26, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.7
MEDIUMCVE-2025-8997
An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-54300
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-9411
A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The a... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-48303
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter allows Cross-Site Request Forgery.This issue affects Post Type Converter: from n/a through 0.6.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-9400
A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible.... Read more
Affected Products : yifang- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-8562
The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the ... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-5302
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to ... Read more
Affected Products : llamaindex- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2025-54301
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-51281
D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long va... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Denial of Service
-
5.8
MEDIUMCVE-2025-9402
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request f... Read more
Affected Products : usualtoolcms- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2025-6737
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-9415
A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out ... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Misconfiguration