CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67618 | high | 7.1 | 7.1 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4. | |||
| CVE-2025-50001 | high | 7.1 | 7.1 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from … | |||
| CVE-2025-39760 | high | 7.1 | 7.1 | 4mo ago | Moderate: kernel security update | |||
| CVE-2025-69317 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through <… | |||
| CVE-2025-69316 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n… | |||
| CVE-2025-69098 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through… | |||
| CVE-2025-68864 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: fr… | |||
| CVE-2025-49249 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40. | |||
| CVE-2025-49066 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Ac… | |||
| CVE-2025-49046 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS.This issue affects xPromoter: from n… | |||
| CVE-2025-49045 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects … | |||
| CVE-2025-49043 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.T… | |||
| CVE-2025-48094 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from… | |||
| CVE-2025-39806 | high | 7.1 | 7.1 | 5mo ago | Moderate: kernel security update | |||
| CVE-2025-46494 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through… | |||
| CVE-2025-32300 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: … | |||
| CVE-2025-31642 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0. | |||
| CVE-2025-30631 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Build… | |||
| CVE-2025-52739 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. | |||
| CVE-2025-50053 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App yournewsapp… | |||
| CVE-2025-47566 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. | |||
| CVE-2025-31054 | high | 7.1 | 7.1 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | |||
| CVE-2025-14956 | high | 7.1 | 7.1 | 6mo ago | A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes he… | |||
| CVE-2025-1927 | high | 7.1 | 7.1 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Cross Site Request Forgery. This issue affects Online Food Delivery Syste… | |||
| CVE-2025-14101 | high | 7.1 | 7.1 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers. This issue affects PaperWork: from 5.2.0.9427 b… | |||
| CVE-2025-1161 | high | 7.1 | 7.1 | 6mo ago | Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025. | |||
| CVE-2025-63030 | high | 7.1 | 7.1 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | |||
| CVE-2025-49351 | high | 7.1 | 7.1 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1. | |||
| CVE-2025-13564 | high | 7.1 | 7.1 | 7mo ago | A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulati… | |||
| CVE-2025-21647 | high | 7.1 | 7.1 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-49909 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects… | |||
| CVE-2025-49905 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Refl… | |||
| CVE-2025-49904 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Refle… | |||
| CVE-2025-49394 | high | 7.1 | 7.1 | 7mo ago | Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.Th… | |||
| CVE-2025-49390 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects … | |||
| CVE-2025-48085 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17. | |||
| CVE-2025-48083 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5. | |||
| CVE-2025-48078 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3. | |||
| CVE-2025-48077 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0. | |||
| CVE-2025-59006 | high | 7.1 | 7.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue … | |||
| CVE-2025-58966 | high | 7.1 | 7.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from … | |||
| CVE-2025-49957 | high | 7.1 | 7.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-or… | |||
| CVE-2025-39817 | high | 7.1 | 7.1 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-39757 | high | 7.1 | 7.1 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-39682 | high | 7.1 | 7.1 | 8mo ago | Moderate: kernel security update | |||
| CVE-2025-60171 | high | 7.1 | 7.1 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects… | |||
| CVE-2025-57977 | high | 7.1 | 7.1 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoice… | |||
| CVE-2025-39853 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still … | |||
| CVE-2025-39839 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against sk… | |||
| CVE-2025-9969 | high | 7.1 | 7.1 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijac… | |||
| CVE-2025-8411 | high | 7.1 | 7.1 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This … | |||
| CVE-2025-58991 | high | 7.1 | 7.1 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. | |||
| CVE-2025-39719 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. … | |||
| CVE-2025-39710 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not ex… | |||
| CVE-2025-39687 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can rea… | |||
| CVE-2025-39685 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was too large, which triggered… | |||
| CVE-2025-39683 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exc… | |||
| CVE-2025-38736 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus… | |||
| CVE-2025-38728 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to… | |||
| CVE-2025-38715 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested of… | |||
| CVE-2025-38714 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T… | |||
| CVE-2025-38713 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni… | |||
| CVE-2025-38680 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() on… | |||
| CVE-2025-38679 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable num… | |||
| CVE-2025-38677 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [in… | |||
| CVE-2025-38670 | high | 7.1 | 7.1 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to chang… | |||
| CVE-2025-53319 | high | 7.1 | 7.1 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a th… | |||
| CVE-2025-49411 | high | 7.1 | 7.1 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.… | |||
| CVE-2025-38502 | high | 7.1 | 7.1 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted v… | |||
| CVE-2025-29014 | high | 7.1 | 7.1 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20. | |||
| CVE-2025-28999 | high | 7.1 | 7.1 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Pa… | |||
| CVE-2025-4040 | high | 7.1 | 7.1 | 11mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation. This issue affects Automatic Station Monitoring System: befo… | |||
| CVE-2025-7365 | high | 7.1 | 7.1 | 11mo ago | Keycloak phishing attack via email verification step in first login flow | |||
| CVE-2025-38342 | high | 7.1 | 7.1 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-t… | |||
| CVE-2025-52796 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14. | |||
| CVE-2025-49866 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XS… | |||
| CVE-2025-38111 | high | 7.1 | 7.1 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write da… | |||
| CVE-2025-52774 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global:… | |||
| CVE-2025-47574 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a t… | |||
| CVE-2025-39478 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from … | |||
| CVE-2025-31067 | high | 7.1 | 7.1 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4. | |||
| CVE-2025-52793 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings esselinknu-settings allows Reflected XSS.This issue affects Esselink.nu Settings: from n/a through <= 4.5. | |||
| CVE-2025-52791 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS.This issue affects Knowledge Base – Knowledge Base Maker:… | |||
| CVE-2025-52772 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4. | |||
| CVE-2025-5900 | high | 7.1 | 7.1 | 1y ago | A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiat… | |||
| CVE-2025-48279 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium:… | |||
| CVE-2025-31638 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7. | |||
| CVE-2025-28948 | high | 7.1 | 7.1 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a t… | |||
| CVE-2025-47618 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This … | |||
| CVE-2025-47613 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a t… | |||
| CVE-2025-39365 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0. | |||
| CVE-2025-39409 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Vide… | |||
| CVE-2025-39407 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1… | |||
| CVE-2025-23988 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a throug… | |||
| CVE-2025-23986 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS.This issue affects Tiki Time: from n/a through 1.3. | |||
| CVE-2025-23981 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6. | |||
| CVE-2025-23979 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS.This issue affects Flashy: from n/a through 1.2.1. | |||
| CVE-2025-22792 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jinwen Js O3 Lite allows Reflected XSS.This issue affects Js O3 Lite: from n/a through 1.5.8.2. | |||
| CVE-2025-22791 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twh offset writing allows Reflected XSS.This issue affects offset writing: from n/a through 1.2. | |||
| CVE-2025-22790 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1. |