Latest CVEs
Updates on the latest vulnerabilities detected.
-
CVE-2025-6199 - GdkPixbuf GIF LZW Buffer Leak Vulnerability
CVE ID: CVE-2025-6199
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-6196 - Libgepub EPUB File Processing Memory Corruption
CVE ID: CVE-2025-6196
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
Severity: 5.5 | MEDIUM
-
CVE-2025-4754 - Ash-Project Phoenix Session Hijacking
CVE ID: CVE-2025-4754
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0.
Severity: 0.0 | NA
-
CVE-2025-49882 - CubeWP Framework Cross-site Scripting
CVE ID: CVE-2025-49882
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23.
Severity: 6.5 | MEDIUM
-
CVE-2025-49881 - CyberChimps Responsive Blocks Cross-site Scripting
CVE ID: CVE-2025-49881
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.
Severity: 6.5 | MEDIUM
-
CVE-2025-49880 - CubeWP Forms Missing Authorization Vulnerability
CVE ID: CVE-2025-49880
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5.
Severity: 4.3 | MEDIUM
-
CVE-2025-49879 - Themezaa Litho Path Traversal Vulnerability
CVE ID: CVE-2025-49879
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0.
Severity: 8.6 | HIGH
-
CVE-2025-49878 - Greg Winiarski WPAdverts Cross-site Scripting
CVE ID: CVE-2025-49878
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4.
Severity: 6.5 | MEDIUM
-
CVE-2025-49877 - Metagauss ProfileGrid SSRF
CVE ID: CVE-2025-49877
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through 5.9.5.2.
Severity: 4.9 | MEDIUM
-
CVE-2025-49875 - IfSo Dynamic Content Personalization Cross-site Scripting (XSS)
CVE ID: CVE-2025-49875
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1.
Severity: 6.5 | MEDIUM
-
CVE-2025-49874 - Arconix FAQ Missing Authorization Vulnerability
CVE ID: CVE-2025-49874
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Missing Authorization vulnerability in tychesoftwares Arconix FAQ allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix FAQ: from n/a through 1.9.6.
Severity: 4.3 | MEDIUM
-
CVE-2025-49872 - WPExperts.io myCred Missing Authorization Vulnerability
CVE ID: CVE-2025-49872
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.
Severity: 5.3 | MEDIUM
-
CVE-2025-49871 - Noptin Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-49871
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.
Severity: 5.9 | MEDIUM
-
CVE-2025-49868 - Autonami Open Redirect Phishing
CVE ID: CVE-2025-49868
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.
Severity: 4.7 | MEDIUM
-
CVE-2025-49865 - Helmut Wandl Advanced Settings CSRF Vulnerability
CVE ID: CVE-2025-49865
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.
Severity: 4.3 | MEDIUM
-
CVE-2025-49864 - AFS Analytics Missing Authorization Vulnerability
CVE ID: CVE-2025-49864
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.
Severity: 5.3 | MEDIUM
-
CVE-2025-49863 - WordPress Codeus Advanced Sermons Cross-Site Scripting
CVE ID: CVE-2025-49863
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6.
Severity: 6.5 | MEDIUM
-
CVE-2025-49862 - Motov.net Ebook Store Cross-Site Scripting
CVE ID: CVE-2025-49862
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.
Severity: 5.9 | MEDIUM
-
CVE-2025-49861 - Kama Click Counter Cross-site Scripting Vulnerability
CVE ID: CVE-2025-49861
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3.
Severity: 6.5 | MEDIUM
-
CVE-2025-49859 - Etruel WP Views Counter Cross-Site Scripting (XSS)
CVE ID: CVE-2025-49859
Published: June 17, 2025, 3:15 p.m. | 25 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3.
Severity: 6.5 | MEDIUM