CVEs from 2025
Total: 8,971
- critical 1,368
- high 2,067
- medium 2,068
- low 204
% Critical: 15.2%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53679 | high | 7.2 | 7.2 | 6mo ago | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 thr… | |||
| CVE-2025-14219 | high | 7.2 | 7.2 | 6mo ago | A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the … | |||
| CVE-2025-14092 | high | 7.2 | 7.2 | 6mo ago | A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host … | |||
| CVE-2025-14090 | high | 7.2 | 7.2 | 6mo ago | A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID … | |||
| CVE-2025-14012 | high | 7.2 | 7.2 | 6mo ago | A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delet… | |||
| CVE-2025-14011 | high | 7.2 | 7.2 | 6mo ago | A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a man… | |||
| CVE-2025-14008 | high | 7.2 | 7.2 | 6mo ago | A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. … | |||
| CVE-2025-13811 | high | 7.2 | 7.2 | 6mo ago | A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executin… | |||
| CVE-2025-13586 | high | 7.2 | 7.2 | 7mo ago | A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm_passwo… | |||
| CVE-2025-13574 | high | 7.2 | 7.2 | 7mo ago | A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument ca… | |||
| CVE-2025-13545 | high | 7.2 | 7.2 | 7mo ago | A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_… | |||
| CVE-2025-0645 | high | 7.2 | 7.2 | 7mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by… | |||
| CVE-2025-0643 | high | 7.2 | 7.2 | 7mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Stored … | |||
| CVE-2025-13423 | high | 7.2 | 7.2 | 7mo ago | A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing a manipulation of the argument … | |||
| CVE-2025-13185 | high | 7.2 | 7.2 | 7mo ago | A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/ban… | |||
| CVE-2025-12927 | high | 7.2 | 7.2 | 7mo ago | A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[] leads to … | |||
| CVE-2025-12861 | high | 7.2 | 7.2 | 7mo ago | A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql… | |||
| CVE-2025-12860 | high | 7.2 | 7.2 | 7mo ago | A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack c… | |||
| CVE-2025-12859 | high | 7.2 | 7.2 | 7mo ago | A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to sql injection. Remote e… | |||
| CVE-2025-12610 | high | 7.2 | 7.2 | 7mo ago | A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead t… | |||
| CVE-2025-12594 | high | 7.2 | 7.2 | 7mo ago | A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/add_account.php. The manipulation of the argument … | |||
| CVE-2025-12593 | high | 7.2 | 7.2 | 7mo ago | A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler… | |||
| CVE-2025-12331 | high | 7.2 | 7.2 | 7mo ago | A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attac… | |||
| CVE-2025-12287 | high | 7.2 | 7.2 | 7mo ago | A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_pro… | |||
| CVE-2025-12201 | high | 7.2 | 7.2 | 7mo ago | A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component… | |||
| CVE-2025-49950 | high | 7.2 | 7.2 | 8mo ago | Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation. This issue affects Official Integration for Billingo: from n/a through <= 4.3.0. | |||
| CVE-2025-49926 | high | 7.2 | 7.2 | 8mo ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection. This issue affects Kalium: from n/a through <= 3.25. | |||
| CVE-2025-49924 | high | 7.2 | 7.2 | 8mo ago | Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation. This issue affects Wholesale Suite: from n/a through <= 2.2.4.2. | |||
| CVE-2025-11944 | high | 7.2 | 7.2 | 8mo ago | A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes… | |||
| CVE-2025-11939 | high | 7.2 | 7.2 | 8mo ago | A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing… | |||
| CVE-2025-11904 | high | 7.2 | 7.2 | 8mo ago | A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The att… | |||
| CVE-2025-11903 | high | 7.2 | 7.2 | 8mo ago | A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing a manipulation of the argument cid can lead to sql … | |||
| CVE-2025-11902 | high | 7.2 | 7.2 | 8mo ago | A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argumen… | |||
| CVE-2025-11668 | high | 7.2 | 7.2 | 8mo ago | A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument… | |||
| CVE-2025-11470 | high | 7.2 | 7.2 | 8mo ago | A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The manipulation… | |||
| CVE-2025-11335 | high | 7.2 | 7.2 | 8mo ago | A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipul… | |||
| CVE-2025-11331 | high | 7.2 | 7.2 | 8mo ago | A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulatio… | |||
| CVE-2025-11136 | high | 7.2 | 7.2 | 8mo ago | A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argum… | |||
| CVE-2025-11103 | high | 7.2 | 7.2 | 8mo ago | A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulat… | |||
| CVE-2025-11071 | high | 7.2 | 7.2 | 8mo ago | A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the a… | |||
| CVE-2025-10775 | high | 7.2 | 7.2 | 9mo ago | A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr le… | |||
| CVE-2025-10765 | high | 7.2 | 7.2 | 9mo ago | A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. This vulnerability affects the function CheckPage/Suggestions in the library cms-v4.3\wwwroot\Plugins\ZKEACMS.SEOSuggestions\ZKEACMS… | |||
| CVE-2025-10397 | high | 7.2 | 7.2 | 9mo ago | A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forg… | |||
| CVE-2025-10394 | high | 7.2 | 7.2 | 9mo ago | A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.… | |||
| CVE-2025-10122 | high | 7.2 | 7.2 | 9mo ago | A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql … | |||
| CVE-2025-10087 | high | 7.2 | 7.2 | 9mo ago | A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argum… | |||
| CVE-2025-10081 | high | 7.2 | 7.2 | 9mo ago | A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted… | |||
| CVE-2025-9920 | high | 7.2 | 7.2 | 9mo ago | A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in fi… | |||
| CVE-2025-9745 | high | 7.2 | 7.2 | 9mo ago | A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of th… | |||
| CVE-2025-9529 | high | 7.2 | 7.2 | 9mo ago | A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file incl… | |||
| CVE-2025-9528 | high | 7.2 | 7.2 | 9mo ago | A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command ca… | |||
| CVE-2025-9402 | high | 7.2 | 7.2 | 10mo ago | A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of… | |||
| CVE-2025-1929 | high | 7.2 | 7.2 | 10mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Inje… | |||
| CVE-2025-8379 | high | 7.2 | 7.2 | 10mo ago | A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument… | |||
| CVE-2025-6175 | high | 7.2 | 7.2 | 10mo ago | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146. | |||
| CVE-2025-8158 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The… | |||
| CVE-2025-8157 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.… | |||
| CVE-2025-8156 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastseven… | |||
| CVE-2025-7898 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Pag… | |||
| CVE-2025-7566 | high | 7.2 | 7.2 | 11mo ago | A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfi… | |||
| CVE-2025-7553 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server l… | |||
| CVE-2025-7477 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipu… | |||
| CVE-2025-7177 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php… | |||
| CVE-2025-7175 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argumen… | |||
| CVE-2025-7127 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation… | |||
| CVE-2025-7126 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminpr… | |||
| CVE-2025-7125 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.p… | |||
| CVE-2025-7123 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipul… | |||
| CVE-2025-6873 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The m… | |||
| CVE-2025-6872 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The m… | |||
| CVE-2025-6869 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/ma… | |||
| CVE-2025-6868 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of … | |||
| CVE-2025-6867 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation … | |||
| CVE-2025-6842 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of th… | |||
| CVE-2025-6841 | high | 7.2 | 7.2 | 11mo ago | A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation … | |||
| CVE-2025-6762 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the a… | |||
| CVE-2025-6624 | high | 7.2 | 7.2 | 1y ago | Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode | |||
| CVE-2025-6610 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulatio… | |||
| CVE-2025-6484 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the … | |||
| CVE-2025-6335 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The m… | |||
| CVE-2025-6173 | high | 7.2 | 7.2 | 1y ago | A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the… | |||
| CVE-2025-6009 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argum… | |||
| CVE-2025-6008 | high | 7.2 | 7.2 | 1y ago | A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation … | |||
| CVE-2025-6007 | high | 7.2 | 7.2 | 1y ago | A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/C… | |||
| CVE-2025-6006 | high | 7.2 | 7.2 | 1y ago | A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the … | |||
| CVE-2025-6005 | high | 7.2 | 7.2 | 1y ago | A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutim… | |||
| CVE-2025-32550 | high | 7.2 | 7.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Ple… | |||
| CVE-2025-26885 | high | 7.2 | 7.2 | 1y ago | Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection. This issue affects WordPress Assistant: from n/a through <= 1.5.1. | |||
| CVE-2025-0957 | high | 7.2 | 7.2 | 1y ago | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping.… | |||
| CVE-2025-0953 | high | 7.2 | 7.2 | 1y ago | The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. T… | |||
| CVE-2025-0918 | high | 7.2 | 7.2 | 1y ago | The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. Thi… | |||
| CVE-2025-67448 | high | 7.1 | 7.1 | 2d ago | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying the… | |||
| CVE-2025-15654 | high | 7.1 | 7.1 | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8. | |||
| CVE-2025-52759 | high | 7.1 | 7.1 | 4d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a thr… | |||
| CVE-2025-52747 | high | 7.1 | 7.1 | 10d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox … | |||
| CVE-2025-22741 | high | 7.1 | 7.1 | 10d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a thr… | |||
| CVE-2025-14361 | high | 7.1 | 7.1 | 11d ago | Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n… | |||
| CVE-2025-13477 | high | 7.1 | 7.1 | 16d ago | Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi… | |||
| CVE-2025-15381 | high | 7.1 | 7.1 | 2mo ago | MLFlow allows Tracing + Assessments Access | |||
| CVE-2025-68836 | high | 7.1 | 7.1 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS. This issue affects Table of Contents … |