CVEs from 2025
Total
8,818
critical
critical 1,314
high
high 1,959
medium
medium 1,968
low
low 200
% Critical
14.9%
% with KEV
2.1%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49952 | medium | 6.5 | 6.5 | 8mo ago | Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a … | |||
| CVE-2025-49934 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For … | |||
| CVE-2025-48096 | medium | 6.5 | 6.5 | 8mo ago | Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <… | |||
| CVE-2025-11913 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulatio… | |||
| CVE-2025-48087 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberl… | |||
| CVE-2025-11550 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the … | |||
| CVE-2025-9231 | medium | 6.5 | 6.5 | 8mo ago | Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing sid… | |||
| CVE-2025-10981 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be… | |||
| CVE-2025-10980 | medium | 6.5 | 6.5 | 8mo ago | A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is pos… | |||
| CVE-2025-10979 | medium | 6.5 | 6.5 | 8mo ago | A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible t… | |||
| CVE-2025-10978 | medium | 6.5 | 6.5 | 8mo ago | A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in … | |||
| CVE-2025-58965 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows St… | |||
| CVE-2025-58265 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This iss… | |||
| CVE-2025-58220 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue a… | |||
| CVE-2025-58023 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in akdevs Genealogical Tree genealogical-tree allows Stored XSS.This issue affects Genealogical Tree… | |||
| CVE-2025-57965 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | |||
| CVE-2025-57938 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Bookin… | |||
| CVE-2025-57902 | medium | 6.5 | 6.5 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery.This issue … | |||
| CVE-2025-53570 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a throug… | |||
| CVE-2025-10770 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing mani… | |||
| CVE-2025-10607 | medium | 6.5 | 6.5 | 9mo ago | A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosur… | |||
| CVE-2025-6395 | medium | 6.5 | 6.5 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-10319 | medium | 6.5 | 6.5 | 9mo ago | A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulati… | |||
| CVE-2025-10096 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can … | |||
| CVE-2025-48103 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's… | |||
| CVE-2025-58887 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions & research UG Course Booking Platform course-booking-… | |||
| CVE-2025-58607 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance cookie-notice-and-consent-ban… | |||
| CVE-2025-9602 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possibl… | |||
| CVE-2025-9409 | medium | 6.5 | 6.5 | 9mo ago | A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipu… | |||
| CVE-2025-54008 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data.This issue affects JetSmartFilters: from n/a th… | |||
| CVE-2025-53998 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through … | |||
| CVE-2025-53993 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15. | |||
| CVE-2025-53992 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1. | |||
| CVE-2025-53988 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: fr… | |||
| CVE-2025-53987 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1. | |||
| CVE-2025-53985 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. | |||
| CVE-2025-53983 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Element… | |||
| CVE-2025-53196 | medium | 6.5 | 6.5 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0. | |||
| CVE-2025-47650 | medium | 6.5 | 6.5 | 10mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from… | |||
| CVE-2025-9139 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation… | |||
| CVE-2025-49895 | medium | 6.5 | 6.5 | 10mo ago | Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | |||
| CVE-2025-8992 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remot… | |||
| CVE-2025-52721 | medium | 6.5 | 6.5 | 10mo ago | Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3. | |||
| CVE-2025-49437 | medium | 6.5 | 6.5 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL R… | |||
| CVE-2025-49433 | medium | 6.5 | 6.5 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS.This issue affects Supermalink: from n/a thro… | |||
| CVE-2025-8347 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql i… | |||
| CVE-2025-7948 | medium | 6.5 | 6.5 | 11mo ago | A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to … | |||
| CVE-2025-7784 | medium | 6.5 | 6.5 | 11mo ago | Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) | |||
| CVE-2025-48339 | medium | 6.5 | 6.5 | 11mo ago | Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - Wha… | |||
| CVE-2025-7511 | medium | 6.5 | 6.5 | 11mo ago | A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argumen… | |||
| CVE-2025-50032 | medium | 6.5 | 6.5 | 11mo ago | Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |||
| CVE-2025-53320 | medium | 6.5 | 6.5 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from … | |||
| CVE-2025-53290 | medium | 6.5 | 6.5 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap wp-visual-sitemap allows Stored XSS.This issue affects WP Visual Sitemap: fr… | |||
| CVE-2025-50034 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.… | |||
| CVE-2025-5888 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request fo… | |||
| CVE-2025-48147 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.Thi… | |||
| CVE-2025-5273 | medium | 6.5 | 6.5 | 1y ago | Markdownify MCP Server allows attackers to read arbitrary files | |||
| CVE-2025-47619 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2. | |||
| CVE-2025-47529 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Con… | |||
| CVE-2025-4969 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially… | |||
| CVE-2025-48251 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce all… | |||
| CVE-2025-48250 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algor… | |||
| CVE-2025-48232 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS… | |||
| CVE-2025-47664 | medium | 6.5 | 6.5 | 1y ago | Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | |||
| CVE-2025-23906 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from… | |||
| CVE-2025-23773 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1. | |||
| CVE-2025-3406 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The mani… | |||
| CVE-2025-32187 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quý Lê 91 Administrator Z administrator-z allows DOM-Based XSS.This issue affects Administrator Z… | |||
| CVE-2025-32183 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube video-playlist-for-youtube allows Stored XSS.This issu… | |||
| CVE-2025-32162 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Morgan Kay Chamber Dashboard Business Directory allows DOM-Based XSS. This issue affects Chamber … | |||
| CVE-2025-31407 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. | |||
| CVE-2025-22285 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2025-31889 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a th… | |||
| CVE-2025-31875 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through… | |||
| CVE-2025-31409 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. | |||
| CVE-2025-31593 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5. | |||
| CVE-2025-31419 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeix Churel allows DOM-Based XSS.This issue affects Churel: from n/a through 1.0.8. | |||
| CVE-2025-22278 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1… | |||
| CVE-2025-26737 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.… | |||
| CVE-2025-30893 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: … | |||
| CVE-2025-26747 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.… | |||
| CVE-2025-26739 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1. | |||
| CVE-2025-25084 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antrouss UniTimetable unitimetable allows Stored XSS.This issue affects UniTimetable: from n/a th… | |||
| CVE-2025-23763 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0. | |||
| CVE-2025-27016 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Googl… | |||
| CVE-2025-22650 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Sma… | |||
| CVE-2025-1211 | medium | 6.5 | 6.5 | 1y ago | Server-side Request Forgery (SSRF) in hackney | |||
| CVE-2025-24643 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a thr… | |||
| CVE-2025-23907 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. | |||
| CVE-2025-23824 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io … | |||
| CVE-2025-23816 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n… | |||
| CVE-2025-23772 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla’ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a thr… | |||
| CVE-2025-23444 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Scroll Top Advanced scroll-top-advanced allows Stored XSS.This issue affects Scroll T… | |||
| CVE-2025-23434 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viher3 Easy EU Cookie law easy-eu-cookie-law allows Stored XSS.This issue affects Easy EU Cookie … | |||
| CVE-2025-23366 | medium | 6.5 | 6.5 | 1y ago | A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is ser… | |||
| CVE-2025-22365 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a thr… | |||
| CVE-2025-22354 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4. | |||
| CVE-2025-22334 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0… | |||
| CVE-2025-59610 | medium | 6.4 | 6.4 | 2d ago | Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer. | |||
| CVE-2025-14042 | medium | 6.4 | 6.4 | 6d ago | The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and … |