Latest CVE Feed
-
6.5
MEDIUMCVE-2025-9215
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it poss... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-39832
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39833
In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads to the following splat: [ 250.215892] ODEBUG: assert_init n... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-9203
The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitle_ssize', 'track_title', and 'track_artist_name' parameters in version 1.0.5. This is due to insufficient input sanitization and output... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-10058
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it poss... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
5.9
MEDIUMCVE-2025-10042
The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que... Read more
Affected Products : quiz_maker- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-9818
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the in... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
8.0
HIGHCVE-2025-59518
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands ... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-37129
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyi... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-59307
RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-37128
A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potenti... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39827
In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks refe... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
7.4
HIGHCVE-2025-36244
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-39826
In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.... Read more
Affected Products : libexpat- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-43327
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-43329
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-43331
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-43333
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization