CVE-2025-62820 - Slack Nebula IP Address Spoofing
CVE ID : CVE-2025-62820
Published : Oct. 23, 2025, 4:18 a.m. | 2 hours, 54 minutes ago
Description : Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62820
Published : Oct. 23, 2025, 4:18 a.m. | 2 hours, 54 minutes ago
Description : Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54806 - GROWI Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-54806
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54806
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54856 - Movable Type Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-54856
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54856
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61865 - NarSuS App Windows Service Path Injection Vulnerability
CVE ID : CVE-2025-61865
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61865
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62499 - Movable Type Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-62499
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62499
Published : Oct. 23, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41073 - Path Traversal in Gandia Integra Total by TESI
CVE ID : CVE-2025-41073
Published : Oct. 23, 2025, 11:15 a.m. | 3 hours, 59 minutes ago
Description : Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41073
Published : Oct. 23, 2025, 11:15 a.m. | 3 hours, 59 minutes ago
Description : Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-14011 - Cisco WebEx WebConference Session Hijacking Vulnerability
CVE ID : CVE-2024-14011
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Rejected reason: This is a duplicate.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-14011
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Rejected reason: This is a duplicate.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10355 - Open redirection vulnerability in MOLGENIS EMX2
CVE ID : CVE-2025-10355
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f”.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10355
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f”.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62393 - Moodle: course access permissions not properly checked in course_output_fragment_course_overview
CVE ID : CVE-2025-62393
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62393
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62394 - Moodle: quiz notifications sent to suspended participants
CVE ID : CVE-2025-62394
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62394
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62395 - Moodle: external cohort search service leaks system cohort data
CVE ID : CVE-2025-62395
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62395
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62396 - Moodle: router (r.php) could expose application directories
CVE ID : CVE-2025-62396
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62396
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62397 - Moodle: router produces json instead of 404 error for invalid course id
CVE ID : CVE-2025-62397
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62397
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62398 - Moodle: possible to bypass mfa
CVE ID : CVE-2025-62398
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62398
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62399 - Moodle: password brute force risk when mobile/web services enabled
CVE ID : CVE-2025-62399
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62399
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62400 - Moodle: hidden group names visible to event creators
CVE ID : CVE-2025-62400
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62400
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62401 - Moodle: possible to bypass timer in timed assignments
CVE ID : CVE-2025-62401
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62401
Published : Oct. 23, 2025, 12:15 p.m. | 2 hours, 59 minutes ago
Description : An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10705 - MxChat – AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery
CVE ID : CVE-2025-10705
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated attackers to make the WordPress server perform HTTP requests to arbitrary destinations via the mxchat_handle_chat_request AJAX action.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10705
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated attackers to make the WordPress server perform HTTP requests to arbitrary destinations via the mxchat_handle_chat_request AJAX action.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11023 - Local File Inclusion in ArkSigner's AcBakImzala
CVE ID : CVE-2025-11023
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.This issue affects AcBakImzala: before v5.1.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11023
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.This issue affects AcBakImzala: before v5.1.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11128 - Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery
CVE ID : CVE-2025-11128
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11128
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8427 - Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play'
CVE ID : CVE-2025-8427
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8427
Published : Oct. 23, 2025, 1:15 p.m. | 1 hour, 59 minutes ago
Description : The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...