CVE Feeds
CVE News Feed
Updates on the latest vulnerabilities detected.
CVE-2025-13307 - Ocean Modal Window on via Modal Conditions
CVE ID: CVE-2025-13307
Published: Dec. 19, 2025, 6:15 a.m. | 24 minutes ago
Description: The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14267 - Unintended temporary cached data included in a structure only copy intended to be empty of data
CVE ID: CVE-2025-14267
Published: Dec. 19, 2025, 6:15 a.m. | 25 minutes ago
Description: Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7.
Severity: 5.6 | MEDIUM
CVE-2025-14546 - FastAPI SSO CSRF
CVE ID: CVE-2025-14546
Published: Dec. 19, 2025, 5:16 a.m. | 1 hour, 24 minutes ago
Description: Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to the user's session. Consequently, the verify_and_process method accepts the state received in the query parameters without verifying it against a trusted local value. This allows a remote attacker to trick a victim into visiting a malicious callback URL, which can result in the attacker's account being linked to the victim's internal account.
Severity: 6.9 | MEDIUM
CVE-2025-68491 - Apache HTTP Server Buffer Overflow Vulnerability
CVE ID: CVE-2025-68491
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68490 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2025-68490
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68489 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2025-68489
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68488 - Apache HTTP Server Authentication Bypass
CVE ID: CVE-2025-68488
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68487 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2025-68487
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68486 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2025-68486
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68485 - Apache HTTP Server Code Injection Vulnerability
CVE ID: CVE-2025-68485
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68484 - Apache HTTP Server Authentication Bypass
CVE ID: CVE-2025-68484
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-68483 - Microsoft IIS HTTP Header Injection
CVE ID: CVE-2025-68483
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-14940 - code-projects Scholars Tracking System delete_user.php SQL injection
CVE ID: CVE-2025-14940
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
CVE-2025-14939 - code-projects Online Appointment Booking System deletemanager.php SQL injection
CVE ID: CVE-2025-14939
Published: Dec. 19, 2025, 4:16 a.m. | 2 hours, 24 minutes ago
Description: A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used.
Severity: 5.8 | MEDIUM
CVE-2025-67846 - Mintlify Platform Downgrade Attack
CVE ID: CVE-2025-67846
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version.
Severity: 4.9 | MEDIUM
CVE-2025-67845 - Mintlify Platform Directory Traversal Vulnerability
CVE ID: CVE-2025-67845
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.
Severity: 6.4 | MEDIUM
CVE-2025-67844 - Mintlify Platform GitHub Integration API Insufficient Authorization
CVE ID: CVE-2025-67844
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.
Severity: 5.0 | MEDIUM
CVE-2025-67843 - Mintlify Platform SSTI Vulnerability
CVE ID: CVE-2025-67843
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.
Severity: 8.3 | HIGH
CVE-2025-67842 - Mintlify Platform Cross-Site Scripting (XSS)
CVE ID: CVE-2025-67842
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.
Severity: 6.4 | MEDIUM
CVE-2025-52692 - Bypass Authentication
CVE ID: CVE-2025-52692
Published: Dec. 19, 2025, 2:16 a.m. | 4 hours, 24 minutes ago
Description: Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.
Severity: 8.8 | HIGH
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30-year history, we have provided security services and products for a wide variety of companies around the globe.