{
"Source": "CVE FEED",
"Title": "CVE-2022-45117 - Apache Struts Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2022-45117
Published : May 28, 2025, 7:15 p.m. | 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2022-45117 - Apache Struts Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2022-45117
Published : May 28, 2025, 7:15 p.m. | 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2022-43659 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2022-43659
Published : May 28, 2025, 7:15 p.m. | 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2022-43659 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2022-43659
Published : May 28, 2025, 7:15 p.m. | 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-27702 - Absolute Secure Access Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-27702
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-27702 - Absolute Secure Access Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-27702
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-27703 - Absolute Secure Access Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-27703
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-27703 - Absolute Secure Access Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-27703
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-27706 - Absolute Secure Access Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-27706
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administratorโs use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-27706 - Absolute Secure Access Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-27706
Published : May 28, 2025, 9:15 p.m. | 1 hour ago
Description : CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administratorโs use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-49139 - Apache HTTP Server SQL Injection",
"Content": "CVE ID : CVE-2023-49139
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-49139 - Apache HTTP Server SQL Injection",
"Content": "CVE ID : CVE-2023-49139
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-49137 - Cisco WebEx Meeting Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-49137
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-49137 - Cisco WebEx Meeting Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-49137
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-49604 - Apache HTTP Server Remote File Inclusion",
"Content": "CVE ID : CVE-2023-49604
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-49604 - Apache HTTP Server Remote File Inclusion",
"Content": "CVE ID : CVE-2023-49604
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-49904 - Apache HTTP Server Remote Code Execution",
"Content": "CVE ID : CVE-2023-49904
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-49904 - Apache HTTP Server Remote Code Execution",
"Content": "CVE ID : CVE-2023-49904
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-50338 - Apache HTTP Server SQL Injection",
"Content": "CVE ID : CVE-2023-50338
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-50338 - Apache HTTP Server SQL Injection",
"Content": "CVE ID : CVE-2023-50338
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-51753 - Apache HTTP Server XML Entity Injection",
"Content": "CVE ID : CVE-2023-51753
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-51753 - Apache HTTP Server XML Entity Injection",
"Content": "CVE ID : CVE-2023-51753
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-51756 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-51756
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-51756 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-51756
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-48726 - Apache Struts Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-48726
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-48726 - Apache Struts Cross-Site Scripting",
"Content": "CVE ID : CVE-2023-48726
Published : May 28, 2025, 10:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4583 - Smash Balloon Social Photo Feed โ Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4583
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : The Smash Balloon Social Photo Feed โ Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4583 - Smash Balloon Social Photo Feed โ Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4583
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : The Smash Balloon Social Photo Feed โ Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5273 - Mcp-Markdownify-Server File Access Vulnerability",
"Content": "CVE ID : CVE-2025-5273
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5273 - Mcp-Markdownify-Server File Access Vulnerability",
"Content": "CVE ID : CVE-2025-5273
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5276 - MCP Markdownify Server SSRF",
"Content": "CVE ID : CVE-2025-5276
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5276 - MCP Markdownify Server SSRF",
"Content": "CVE ID : CVE-2025-5276
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-3755 - Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Index Validation Bypass",
"Content": "CVE ID : CVE-2025-3755
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3755 - Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Index Validation Bypass",
"Content": "CVE ID : CVE-2025-3755
Published : May 29, 2025, 5:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5286 - WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5286
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โadditional_settingsโ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5286 - WordPress Bold Page Builder Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5286
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โadditional_settingsโ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5122 - Leaflet Map Block for WordPress Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-5122
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5122 - Leaflet Map Block for WordPress Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-5122
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โurlโ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4670 - Easy Digital Downloads Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4670
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Easy Digital Downloads โ eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4670 - Easy Digital Downloads Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4670
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : The Easy Digital Downloads โ eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4687 - Teltonika Networks Remote Management System (RMS) Account Pre-Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-4687
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4687 - Teltonika Networks Remote Management System (RMS) Account Pre-Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-4687
Published : May 29, 2025, 9:15 a.m. | 1 hour, 12 minutes ago
Description : In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น