Latest CVE Feed
-
4.3
MEDIUMCVE-2025-10700
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enable_unfiltered_files_upload function. Thi... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.3
HIGHCVE-2025-62381
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array propertie... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-20360
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking wh... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-20351
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. ... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-62378
CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and com... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization