Latest CVE Feed
-
7.8
HIGHCVE-2025-43993
Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-60177
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-60098
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-60101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-59012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler allows Reflected XSS. This issue affects Traveler: from n/a through n/a.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-60110
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator allows SQL Injection. This issue affects AllInOne - Banner Rotator: from n/a through 3.8.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-60094
Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1.... Read more
Affected Products : stackable- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10962
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to in... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
9.6
CRITICALCVE-2025-60156
Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 7.98.... Read more
Affected Products : ar- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-60121
Missing Authorization vulnerability in Ex-Themes WooEvents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through 4.1.7.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-11015
A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restrict... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-60162
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows DOM-Based XSS. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-60160
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products allows Stored XSS. This issue affects Smart Related Products: from n/a through 2.0.5.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-60169
Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-60140
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through 1.3.3.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2025-60161
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through 2.3.9.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2025-10178
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user sup... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-11016
A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may ... Read more
Affected Products : kodbox- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-60171
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-60126
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6.... Read more
Affected Products : testimonial_slider- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal