CVEs from 2025
Total: 8,971
- critical 1,368
- high 2,067
- medium 2,068
- low 204
% Critical: 15.2%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48977 | medium | 6.5 | 6.5 | 10d ago | Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This iss… | |||
| CVE-2025-0898 | medium | 6.5 | 6.5 | 11d ago | The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authentica… | |||
| CVE-2025-62745 | medium | 6.5 | 6.5 | 12d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through … | |||
| CVE-2025-32745 | medium | 6.5 | 6.5 | 15d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulner… | |||
| CVE-2025-31985 | medium | 6.5 | 6.5 | 18d ago | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p… | |||
| CVE-2025-5351 | medium | 6.5 | 6.5 | 19d ago | Moderate: libssh security update | |||
| CVE-2025-67437 | medium | 6.5 | 6.5 | 22d ago | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. | |||
| CVE-2025-15463 | medium | 6.5 | 6.5 | 25d ago | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users … | |||
| CVE-2025-15633 | medium | 6.5 | 6.5 | 29d ago | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)… | |||
| CVE-2025-66171 | medium | 6.5 | 6.5 | 29d ago | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… | |||
| CVE-2025-66170 | medium | 6.5 | 6.5 | 29d ago | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug… | |||
| CVE-2025-31982 | medium | 6.5 | 6.5 | 1mo ago | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of s… | |||
| CVE-2025-42611 | medium | 6.5 | 6.5 | 1mo ago | RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x… | |||
| CVE-2025-70072 | medium | 6.5 | 6.5 | 1mo ago | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components | |||
| CVE-2025-70070 | medium | 6.5 | 6.5 | 1mo ago | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry() | |||
| CVE-2025-14726 | medium | 6.5 | 6.5 | 1mo ago | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/… | |||
| CVE-2025-36122 | medium | 6.5 | 6.5 | 1mo ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially cra… | |||
| CVE-2025-13480 | medium | 6.5 | 6.5 | 2mo ago | Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive informa… | |||
| CVE-2025-61624 | medium | 6.5 | 6.5 | 2mo ago | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions… | |||
| CVE-2025-3756 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks cou… | |||
| CVE-2025-59969 | medium | 6.5 | 6.5 | 2mo ago | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series … | |||
| CVE-2025-69988 | medium | 6.5 | 6.5 | 2mo ago | BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains a… | |||
| CVE-2025-14716 | medium | 6.5 | 6.5 | 3mo ago | Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0. | |||
| CVE-2025-32223 | medium | 6.5 | 6.5 | 3mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/… | |||
| CVE-2025-13778 | medium | 6.5 | 6.5 | 3mo ago | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-66955 | medium | 6.5 | 6.5 | 3mo ago | Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachmen… | |||
| CVE-2025-61154 | medium | 6.5 | 6.5 | 3mo ago | Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decod… | |||
| CVE-2025-69653 | medium | 6.5 | 6.5 | 3mo ago | A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in q… | |||
| CVE-2025-68514 | medium | 6.5 | 6.5 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Level… | |||
| CVE-2025-68023 | medium | 6.5 | 6.5 | 4mo ago | Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issu… | |||
| CVE-2025-68005 | medium | 6.5 | 6.5 | 4mo ago | Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a … | |||
| CVE-2025-67969 | medium | 6.5 | 6.5 | 4mo ago | Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.… | |||
| CVE-2025-67624 | medium | 6.5 | 6.5 | 4mo ago | Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize … | |||
| CVE-2025-8303 | medium | 6.5 | 6.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Do… | |||
| CVE-2025-10464 | medium | 6.5 | 6.5 | 4mo ago | Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway:… | |||
| CVE-2025-40271 | medium | — | 6.5 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-69095 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plu… | |||
| CVE-2025-68900 | medium | 6.5 | 6.5 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold allows DOM-Based XSS. This issue affects Enfold: from n/a through 7.1.3. | |||
| CVE-2025-68016 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security … | |||
| CVE-2025-46434 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2025-69363 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a… | |||
| CVE-2025-69335 | medium | 6.5 | 6.5 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS.This issue affects Team Showcase: from … | |||
| CVE-2025-39561 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | |||
| CVE-2025-39497 | medium | 6.5 | 6.5 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5. | |||
| CVE-2025-15455 | medium | 6.5 | 6.5 | 5mo ago | A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes… | |||
| CVE-2025-28973 | medium | 6.5 | 6.5 | 5mo ago | Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a t… | |||
| CVE-2025-62746 | medium | 6.5 | 6.5 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress – VideographyWP videographywp allows Stored XSS.This iss… | |||
| CVE-2025-69024 | medium | 6.5 | 6.5 | 5mo ago | Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: … | |||
| CVE-2025-15187 | medium | 6.5 | 6.5 | 5mo ago | A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/z… | |||
| CVE-2025-15070 | medium | 6.5 | 6.5 | 5mo ago | Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse. This issue affects Web Fax: from 3.0 before 3.0.1 | |||
| CVE-2025-14910 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launche… | |||
| CVE-2025-64235 | medium | 6.5 | 6.5 | 6mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6. | |||
| CVE-2025-66104 | medium | 6.5 | 6.5 | 6mo ago | Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… | |||
| CVE-2025-66100 | medium | 6.5 | 6.5 | 6mo ago | Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3… | |||
| CVE-2025-49902 | medium | 6.5 | 6.5 | 6mo ago | Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control… | |||
| CVE-2025-49041 | medium | 6.5 | 6.5 | 6mo ago | Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.… | |||
| CVE-2025-14747 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack mus… | |||
| CVE-2025-14746 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown function of the component RTSP Live Video Stream Endpoint. Such manipulation leads to improper authenti… | |||
| CVE-2025-14512 | medium | 6.5 | 6.5 | 6mo ago | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when pro… | |||
| CVE-2025-14140 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability was detected in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results… | |||
| CVE-2025-14117 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has … | |||
| CVE-2025-14052 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the a… | |||
| CVE-2025-13809 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/m… | |||
| CVE-2025-13791 | medium | 6.5 | 6.5 | 6mo ago | A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Su… | |||
| CVE-2025-13785 | medium | 6.5 | 6.5 | 6mo ago | Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images | |||
| CVE-2025-13443 | medium | 6.5 | 6.5 | 7mo ago | A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results … | |||
| CVE-2025-13179 | medium | 6.5 | 6.5 | 7mo ago | A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to … | |||
| CVE-2025-13119 | medium | 6.5 | 6.5 | 7mo ago | A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely… | |||
| CVE-2025-60876 | medium | 6.5 | 6.5 | 7mo ago | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to b… | |||
| CVE-2025-58986 | medium | 6.5 | 6.5 | 7mo ago | Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a… | |||
| CVE-2025-49398 | medium | 6.5 | 6.5 | 7mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appo… | |||
| CVE-2025-12329 | medium | 6.5 | 6.5 | 7mo ago | A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation … | |||
| CVE-2025-12328 | medium | 6.5 | 6.5 | 7mo ago | A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument … | |||
| CVE-2025-12327 | medium | 6.5 | 6.5 | 7mo ago | A vulnerability was determined in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This issue affects some unknown processing of the file /description.php. This manipulation of the a… | |||
| CVE-2025-62924 | medium | 6.5 | 6.5 | 7mo ago | Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gu… | |||
| CVE-2025-56007 | medium | 6.5 | 6.5 | 8mo ago | CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exp… | |||
| CVE-2025-49961 | medium | 6.5 | 6.5 | 8mo ago | Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a… | |||
| CVE-2025-49952 | medium | 6.5 | 6.5 | 8mo ago | Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a … | |||
| CVE-2025-49934 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For … | |||
| CVE-2025-48096 | medium | 6.5 | 6.5 | 8mo ago | Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <… | |||
| CVE-2025-11913 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulatio… | |||
| CVE-2025-48087 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberl… | |||
| CVE-2025-11550 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the … | |||
| CVE-2025-9231 | medium | 6.5 | 6.5 | 8mo ago | Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing sid… | |||
| CVE-2025-10981 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be… | |||
| CVE-2025-10980 | medium | 6.5 | 6.5 | 8mo ago | A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is pos… | |||
| CVE-2025-10979 | medium | 6.5 | 6.5 | 8mo ago | A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible t… | |||
| CVE-2025-10978 | medium | 6.5 | 6.5 | 8mo ago | A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in … | |||
| CVE-2025-9342 | medium | 6.5 | 6.5 | 9mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9. | |||
| CVE-2025-58965 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows St… | |||
| CVE-2025-58265 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This iss… | |||
| CVE-2025-58220 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue a… | |||
| CVE-2025-58023 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in akdevs Genealogical Tree genealogical-tree allows Stored XSS.This issue affects Genealogical Tree… | |||
| CVE-2025-57965 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | |||
| CVE-2025-57938 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Bookin… | |||
| CVE-2025-57902 | medium | 6.5 | 6.5 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery.This issue … | |||
| CVE-2025-53570 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a throug… | |||
| CVE-2025-0875 | medium | 6.5 | 6.5 | 9mo ago | Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection. This i… | |||
| CVE-2025-10770 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing mani… | |||
| CVE-2025-10607 | medium | 6.5 | 6.5 | 9mo ago | A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosur… |