6.9

CVSS4.0

CVE-2025-62256 -

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers …

πŸ“… Published: Oct. 23, 2025, 1:41 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 10:14 p.m.

4.8

CVSS4.0

CVE-2025-53701 - XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1…

πŸ“… Published: Oct. 23, 2025, 1:39 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 1:10 p.m.

7.1

CVSS4.0

CVE-2025-53702 - DoS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request toΒ /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.Β  The vendor did no…

πŸ“… Published: Oct. 23, 2025, 1:39 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 1:10 p.m.

5.3

CVSS3.1

CVE-2025-10705 - MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated att…

πŸ“… Published: Oct. 23, 2025, 12:32 p.m. πŸ”„ Last Modified: April 21, 2026, 2:15 a.m.

5

CVSS3.1

CVE-2025-11128 - Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for authenticated attackers…

πŸ“… Published: Oct. 23, 2025, 12:32 p.m. πŸ”„ Last Modified: April 21, 2026, 2:15 a.m.

6.4

CVSS3.1

CVE-2025-8427 - Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site…

The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜auto_play’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w…

πŸ“… Published: Oct. 23, 2025, 12:32 p.m. πŸ”„ Last Modified: April 20, 2026, 9:45 p.m.

9.8

CVSS3.1

CVE-2025-11023 - Local File Inclusion in ArkSigner's AcBakImzala

Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.This issue affects AcBakImzala: before …

πŸ“… Published: Oct. 23, 2025, 12:32 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2025-62835 -

Not used

πŸ“… Published: Oct. 23, 2025, 11:55 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 2:55 a.m.

0.0

CVE-2025-62829 -

Not used

πŸ“… Published: Oct. 23, 2025, 11:55 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 2:55 a.m.

0.0

CVE-2025-62832 -

Not used

πŸ“… Published: Oct. 23, 2025, 11:55 a.m. πŸ”„ Last Modified: Oct. 24, 2025, 2:55 a.m.
Total resulsts: 349182
Page 3301 of 34,919
Β« previous page Β» next page
Filters