Latest CVE Feed
-
5.3
MEDIUMCVE-2025-11015
A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restrict... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-11013
A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack ... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-43993
Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-60103
Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8.... Read more
Affected Products : listingpro- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-60101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-10178
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-11014
A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buff... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-60098
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-11016
A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may ... Read more
Affected Products : kodbox- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-60120
Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8.... Read more
Affected Products : wp_directory_kit- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-60143
Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58.... Read more
Affected Products : netgsm- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-60162
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows DOM-Based XSS. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-60161
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through 2.3.9.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Server-Side Request Forgery
-
5.9
MEDIUMCVE-2025-60160
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products allows Stored XSS. This issue affects Smart Related Products: from n/a through 2.0.5.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-60106
Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-60146
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages allows Stored XSS. This issue affects Map Categories to Pages: from n/a through 1.3.2.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-60118
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core allows SQL Injection. This issue affects PGS Core: from n/a through 5.9.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-60095
Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1.... Read more
Affected Products : stackable- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds me... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-60097
Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5.... Read more
Affected Products : thegem- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization