Live feed

CVE Feed

Last 30 days — 8,190 matching across all industries.

Showing 40

Auto-refreshupdated just now
CVE-2025-69110
HIGH· 8.1

Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.

29d ago
CVE-2025-69109
HIGH· 8.1

Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.

29d ago
CVE-2025-69108
CRITICAL· 9.8

Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.

29d ago
CVE-2025-69107
HIGH· 8.1

Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.

29d ago
CVE-2025-69105
HIGH· 8.1

Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.

29d ago
CVE-2025-69104
HIGH· 7.1

Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.

29d ago
CVE-2025-69103
HIGH· 7.5

Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.

29d ago
CVE-2025-62340
LOW· 3.1

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

hcltech
29d ago
CVE-2025-60223
HIGH· 7.7

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.

29d ago
CVE-2025-60218
CRITICAL· 9.9

Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.

29d ago
CVE-2025-60205
CRITICAL· 9.8

Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.

29d ago
CVE-2025-60085
HIGH· 8.1

Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.

29d ago
CVE-2025-59872
MEDIUM· 4.3

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code

hcltech
29d ago
CVE-2025-59563
HIGH· 8.8

Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.

29d ago
CVE-2025-59560
HIGH· 7.1

Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.

29d ago
CVE-2025-58954
HIGH· 8.1

Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.

29d ago
CVE-2025-58953
HIGH· 8.1

Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.

29d ago
CVE-2025-58952
HIGH· 8.1

Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.

29d ago
CVE-2025-58924
HIGH· 8.1

Unauthenticated Local File Inclusion in Geya <= 1.15 versions.

29d ago
CVE-2025-49403
HIGH· 7.5

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.

29d ago
CVE-2025-48643
HIGH· 7.8

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

google
29d ago
CVE-2025-48640
HIGH· 8.0

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

google
29d ago
CVE-2025-48617
HIGH· 7.8

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

google
29d ago
CVE-2025-48571
MEDIUM· 4.3

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

google
29d ago
CVE-2025-31013
HIGH· 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.

29d ago
CVE-2025-15642
NONE

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,. * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

29d ago
CVE-2025-15641
NONE

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

29d ago
CVE-2024-52488
CRITICAL· 9.9

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.

29d ago
CVE-2024-49269
HIGH· 7.1

Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.

29d ago
CVE-2024-37496
MEDIUM· 4.3

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.

29d ago
CVE-2024-37210
MEDIUM· 6.5

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.

29d ago
CVE-2024-35690
MEDIUM· 6.5

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.

29d ago
CVE-2024-35648
MEDIUM· 4.3

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.

29d ago
CVE-2024-34810
MEDIUM· 4.3

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

29d ago
CVE-2024-33909
MEDIUM· 5.3

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.

29d ago
CVE-2024-33685
MEDIUM· 4.3

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.

29d ago
CVE-2024-32949
HIGH· 8.3

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.

29d ago
CVE-2024-32729
HIGH· 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.

29d ago
CVE-2024-31435
MEDIUM· 4.3

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6.

29d ago
CVE-2024-24709
MEDIUM· 4.3

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.

29d ago
Feedback

How was this page?

Spotted something off, or have an idea? Let us know.

0/1000