| AbanteCart–AbanteCart |
Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim’s browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through “/about_us?[XSS_PAYLOAD]”. |
2025-05-12 |
not yet calculated |
CVE-2025-40626 |
| AbanteCart–AbanteCart |
Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim’s browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through “/eyes? [XSS_PAYLOAD]”. |
2025-05-12 |
not yet calculated |
CVE-2025-40627 |
| Absolute Security–Absolute Persistence |
A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below. |
2025-05-13 |
not yet calculated |
CVE-2024-6364 |
| alchemyplatform–modular-account |
Alchemy’s Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys (scoped external keys) to external parties and would use the allowlist module to restrict which external contracts can be accessed by the session key. There is a bug in the allowlist module in that we don’t check for the `executeUserOp` -> `execute` or `executeBatch` path, effectively allowing any session key to bypass any access control restrictions set on the session key. Session keys are able to access ERC20 and ERC721 token contracts amongst others, transferring all tokens from the account out andonfigure the permissions on external modules on session keys. They would be able to remove all restrictions set on themselves this way, or rotate the keys of other keys with higher privileges into keys that they control. Commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 fixes this issue. |
2025-05-15 |
not yet calculated |
CVE-2025-46834 |
| Apache Software Foundation–Apache IoTDB |
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. |
2025-05-14 |
not yet calculated |
CVE-2024-24780 |
| Apache Software Foundation–Apache IoTDB |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
2025-05-14 |
not yet calculated |
CVE-2025-26864 |
| Apache Software Foundation–Apache IoTDB JDBC driver |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue. |
2025-05-14 |
not yet calculated |
CVE-2025-26795 |
| Apache Software Foundation–Apache ORC |
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue. |
2025-05-14 |
not yet calculated |
CVE-2025-47436 |
| Apache Software Foundation–Apache Superset |
Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue. |
2025-05-13 |
not yet calculated |
CVE-2025-27696 |
| Apple–iOS and iPadOS |
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls. |
2025-05-12 |
not yet calculated |
CVE-2025-30436 |
| Apple–iOS and iPadOS |
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user’s installed apps. |
2025-05-12 |
not yet calculated |
CVE-2025-31207 |
| Apple–iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic. |
2025-05-12 |
not yet calculated |
CVE-2025-31214 |
| Apple–iOS and iPadOS |
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results. |
2025-05-12 |
not yet calculated |
CVE-2025-31225 |
| Apple–iOS and iPadOS |
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording. |
2025-05-12 |
not yet calculated |
CVE-2025-31227 |
| Apple–iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced. |
2025-05-12 |
not yet calculated |
CVE-2025-31253 |
| Apple–iPadOS |
A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.7, iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier. |
2025-05-12 |
not yet calculated |
CVE-2025-24220 |
| Apple–iPadOS |
An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. |
2025-05-12 |
not yet calculated |
CVE-2025-24225 |
| Apple–iPadOS |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication. |
2025-05-12 |
not yet calculated |
CVE-2025-30448 |
| Apple–iPadOS |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. |
2025-05-12 |
not yet calculated |
CVE-2025-31196 |
| Apple–iPadOS |
The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service. |
2025-05-12 |
not yet calculated |
CVE-2025-31210 |
| Apple–iPadOS |
The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen. |
2025-05-12 |
not yet calculated |
CVE-2025-31228 |
| Apple–macOS |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-24142 |
| Apple–macOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory. |
2025-05-12 |
not yet calculated |
CVE-2025-24155 |
| Apple–macOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash. |
2025-05-12 |
not yet calculated |
CVE-2025-24222 |
| Apple–macOS |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-24258 |
| Apple–macOS |
An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-24274 |
| Apple–macOS |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR. |
2025-05-12 |
not yet calculated |
CVE-2025-30440 |
| Apple–macOS |
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-30442 |
| Apple–macOS |
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-30453 |
| Apple–macOS |
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. |
2025-05-12 |
not yet calculated |
CVE-2025-31195 |
| Apple–macOS |
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user’s iCloud Keychain. |
2025-05-12 |
not yet calculated |
CVE-2025-31213 |
| Apple–macOS |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections. |
2025-05-12 |
not yet calculated |
CVE-2025-31218 |
| Apple–macOS |
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information. |
2025-05-12 |
not yet calculated |
CVE-2025-31220 |
| Apple–macOS |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences. |
2025-05-12 |
not yet calculated |
CVE-2025-31224 |
| Apple–macOS |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31232 |
| Apple–macOS |
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31235 |
| Apple–macOS |
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31236 |
| Apple–macOS |
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31237 |
| Apple–macOS |
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31240 |
| Apple–macOS |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31242 |
| Apple–macOS |
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
2025-05-12 |
not yet calculated |
CVE-2025-31244 |
| Apple–macOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31246 |
| Apple–macOS |
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system. |
2025-05-12 |
not yet calculated |
CVE-2025-31247 |
| Apple–macOS |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31249 |
| Apple–macOS |
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31250 |
| Apple–macOS |
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. |
2025-05-12 |
not yet calculated |
CVE-2025-31256 |
| Apple–macOS |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
2025-05-12 |
not yet calculated |
CVE-2025-31258 |
| Apple–macOS |
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-31259 |
| Apple–macOS |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31260 |
| Apple–tvOS |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
2025-05-12 |
not yet calculated |
CVE-2025-24223 |
| Apple–tvOS |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
2025-05-12 |
not yet calculated |
CVE-2025-31204 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin. |
2025-05-12 |
not yet calculated |
CVE-2025-31205 |
| Apple–tvOS |
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
2025-05-12 |
not yet calculated |
CVE-2025-31206 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31208 |
| Apple–tvOS |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information. |
2025-05-12 |
not yet calculated |
CVE-2025-31209 |
| Apple–tvOS |
This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data. |
2025-05-12 |
not yet calculated |
CVE-2025-31212 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash. |
2025-05-12 |
not yet calculated |
CVE-2025-31215 |
| Apple–tvOS |
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
2025-05-12 |
not yet calculated |
CVE-2025-31217 |
| Apple–tvOS |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31219 |
| Apple–tvOS |
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31221 |
| Apple–tvOS |
A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges. |
2025-05-12 |
not yet calculated |
CVE-2025-31222 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
2025-05-12 |
not yet calculated |
CVE-2025-31223 |
| Apple–tvOS |
A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service. |
2025-05-12 |
not yet calculated |
CVE-2025-31226 |
| Apple–tvOS |
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31233 |
| Apple–tvOS |
The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31234 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
2025-05-12 |
not yet calculated |
CVE-2025-31238 |
| Apple–tvOS |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31239 |
| Apple–tvOS |
A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31241 |
| Apple–tvOS |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination. |
2025-05-12 |
not yet calculated |
CVE-2025-31245 |
| Apple–tvOS |
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. |
2025-05-12 |
not yet calculated |
CVE-2025-31251 |
| Apple–tvOS |
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
2025-05-12 |
not yet calculated |
CVE-2025-31257 |
| Apple–visionOS |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. |
2025-05-12 |
not yet calculated |
CVE-2025-24111 |
| Apple–visionOS |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state. |
2025-05-12 |
not yet calculated |
CVE-2025-24144 |
| ASUS–Armoury Crate |
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the ‘Security Update for Armoury Crate App’ section on the ASUS Security Advisory for more information. |
2025-05-12 |
not yet calculated |
CVE-2025-1533 |
| Atheos–Atheos |
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue. |
2025-05-15 |
not yet calculated |
CVE-2025-47788 |
| bonigarcia–webdrivermanager |
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2. |
2025-05-14 |
not yet calculated |
CVE-2025-4641 |
| bytecodealliance–wasm-micro-runtime |
The WebAssembly Micro Runtime’s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. If the symlink points to an existing host file, it’s also possible to open it and read its content. Version 2.3.0 fixes the issue. |
2025-05-15 |
not yet calculated |
CVE-2025-43853 |
| cap-collectif–cap-collectif |
Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198. |
2025-05-14 |
not yet calculated |
CVE-2025-47292 |
| Checkmk GmbH–Checkmk |
Privilege escalation in jar_signature agent plugin in Checkmk versions |
2025-05-13 |
not yet calculated |
CVE-2025-32917 |
| davisking–dlib |
Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before |
2025-05-14 |
not yet calculated |
CVE-2025-4637 |
| Digi International–Digi PortServer TS |
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS – prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA – prior to and including 82000774_Z, build date 10/19/2020 * Digi One IAP – prior to and including 82000770 Z, build date 10/19/2020 A specially crafted POST request to the device’s web interface may allow an unauthenticated attacker to modify configuration settings. |
2025-05-12 |
not yet calculated |
CVE-2025-3659 |
| DomainsPRO–DomainsPRO |
SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint. |
2025-05-13 |
not yet calculated |
CVE-2025-40628 |
| Drupal–COOKiES Consent Management |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. |
2025-05-14 |
not yet calculated |
CVE-2025-47703 |
| Drupal–Enterprise MFA – TFA for Drupal |
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47706 |
| Drupal–Enterprise MFA – TFA for Drupal |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47707 |
| Drupal–Enterprise MFA – TFA for Drupal |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47708 |
| Drupal–Enterprise MFA – TFA for Drupal |
Missing Authorization vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47709 |
| Drupal–Enterprise MFA – TFA for Drupal |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47710 |
| Drupal–IFrame Remove Filter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5. |
2025-05-14 |
not yet calculated |
CVE-2025-47705 |
| Drupal–Klaro Cookie & Consent Management |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. |
2025-05-14 |
not yet calculated |
CVE-2025-47704 |
| Drupal–oEmbed Providers |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. |
2025-05-14 |
not yet calculated |
CVE-2025-47702 |
| Drupal–Restrict route by IP |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0. |
2025-05-14 |
not yet calculated |
CVE-2025-47701 |
| DumbWareio–DumbDrop |
DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload. Commit db27b25372eb9071e63583d8faed2111a2b79f1b fixes the vulnerability. |
2025-05-15 |
not yet calculated |
CVE-2025-47929 |
| emlog–emlog |
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deserialization to fail and return `false`. Commit 9643250802188b791419e3c2188577073256a8a2 fixes the issue. |
2025-05-15 |
not yet calculated |
CVE-2025-47784 |
| emlog–emlog |
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In `/admin/comment.php`, the parameter `perpage_num` is not validated and is directly stored in the `admin_commend_perpage_num` field of the `emlog_options` table in the database. Moreover, the output is not filtered, resulting in the direct output of malicious code. As of time of publication, it is unclear if a patch exists. |
2025-05-15 |
not yet calculated |
CVE-2025-47786 |
| emlog–emlog |
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue. |
2025-05-15 |
not yet calculated |
CVE-2025-47787 |
| espocrm–espocrm |
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and if they submit their credentials, they get captured in plain text. The vulnerability is allowed by overly permissive HTML editing being allowed on the KB articles. Any authenticated user with the privilege to read KB articles is impacted. In an enterprise with multiple applications, the malicious KB article could be edited to match the login pages of other applications, which would make it useful for credential harvesting against other applications as well. Version 9.0.8 contains a patch for the issue. |
2025-05-12 |
not yet calculated |
CVE-2025-32390 |
| ETHER–FCGI |
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. |
2025-05-16 |
not yet calculated |
CVE-2025-40907 |
| Forescout–SecureConnector |
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. |
2025-05-13 |
not yet calculated |
CVE-2025-4660 |
| getkirby–kirby |
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet(‘tags-‘ . get(‘tags’))`. It generally also requires knowledge of the site structure and the server’s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded. |
2025-05-13 |
not yet calculated |
CVE-2025-30159 |
| getkirby–kirby |
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP’s built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby’s router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not. |
2025-05-13 |
not yet calculated |
CVE-2025-30207 |
| getkirby–kirby |
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection(‘tags-‘ . get(‘tags’))`. It generally also requires knowledge of the site structure and the server’s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded. |
2025-05-13 |
not yet calculated |
CVE-2025-31493 |
| Google Cloud–Classic Application Load Balancer |
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable. |
2025-05-16 |
not yet calculated |
CVE-2025-4600 |
| Google–Chrome |
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
2025-05-14 |
not yet calculated |
CVE-2025-4664 |
| HumanSignal–label-studio |
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue. |
2025-05-14 |
not yet calculated |
CVE-2025-47783 |
| Icewarp–Icewarp Mail Server |
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example ” https://icewarp.domain.com///%2e%2e” https://icewarp.domain.com///%2e%2e” . This vulnerability has been tested in Firefox. |
2025-05-16 |
not yet calculated |
CVE-2025-40630 |
| Icewarp–Icewarp Mail Server |
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected. |
2025-05-16 |
not yet calculated |
CVE-2025-40631 |
| Icewarp–Icewarp Mail Server |
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered. |
2025-05-16 |
not yet calculated |
CVE-2025-40632 |
| Imagination Technologies–Graphics DDK |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest’s virtualised GPU memory. |
2025-05-17 |
not yet calculated |
CVE-2024-47893 |
| Imagination Technologies–Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
2025-05-17 |
not yet calculated |
CVE-2025-1706 |
| Jenkins Project–Jenkins Cadence vManager Plugin |
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. |
2025-05-14 |
not yet calculated |
CVE-2025-47886 |
| Jenkins Project–Jenkins Cadence vManager Plugin |
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. |
2025-05-14 |
not yet calculated |
CVE-2025-47887 |
| Jenkins Project–Jenkins DingTalk Plugin |
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. |
2025-05-14 |
not yet calculated |
CVE-2025-47888 |
| Jenkins Project–Jenkins Health Advisor by CloudBees Plugin |
Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses. |
2025-05-14 |
not yet calculated |
CVE-2025-47885 |
| Jenkins Project–Jenkins OpenID Connect Provider Plugin |
In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services. |
2025-05-14 |
not yet calculated |
CVE-2025-47884 |
| Jenkins Project–Jenkins WSO2 Oauth Plugin |
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the “WSO2 Oauth” security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist. |
2025-05-14 |
not yet calculated |
CVE-2025-47889 |
| julmud–phpDVDProfiler |
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos’s DVDProfiler software. Starting in v_20230807 and prior to v_20250511, cross-site scripting in the search function. v_20250511 contains a patch for the issue. |
2025-05-12 |
not yet calculated |
CVE-2025-46729 |
| justinas–nosurf |
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user’s behalf. Due to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage. If the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. A patch for the issue was released in nosurf 1.2.0. In lieu of upgrading to a patched version of nosurf, users may additionally use another HTTP middleware to ensure that a non-safe HTTP request is coming from the same origin (e.g. by requiring a `Sec-Fetch-Site: same-origin` header in the request). |
2025-05-13 |
not yet calculated |
CVE-2025-46721 |
| kanboard–kanboard |
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue. |
2025-05-12 |
not yet calculated |
CVE-2025-46825 |
| librenms–librenms |
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue. |
2025-05-17 |
not yet calculated |
CVE-2025-47931 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 (“[media] dw2102: limit messages to buffer size”) |
2025-05-14 |
not yet calculated |
CVE-2023-53146 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard’s report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn’t inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won’t insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ |
2025-05-16 |
not yet calculated |
CVE-2025-37890 |
| Lleidanet PKI–eSigna |
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. |
2025-05-15 |
not yet calculated |
CVE-2025-4762 |
| MONGODB–BSON::XS |
BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB’s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported. |
2025-05-16 |
not yet calculated |
CVE-2025-40906 |
| motioneye-project–motioneye |
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually. |
2025-05-14 |
not yet calculated |
CVE-2025-47782 |
| Mozilla–Thunderbird |
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value “Spoofed Name “, Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird |
2025-05-14 |
not yet calculated |
CVE-2025-3875 |
| Mozilla–Thunderbird |
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user’s desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird |
2025-05-14 |
not yet calculated |
CVE-2025-3877 |
| Mozilla–Thunderbird |
Thunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird |
2025-05-14 |
not yet calculated |
CVE-2025-3909 |
| Mozilla–Thunderbird |
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird |
2025-05-14 |
not yet calculated |
CVE-2025-3932 |
| n/a–n/a |
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. |
2025-05-12 |
not yet calculated |
CVE-2023-34732 |
| n/a–n/a |
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. |
2025-05-16 |
not yet calculated |
CVE-2024-40120 |
| n/a–n/a |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed ![]() tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction. |
2025-05-14 |
not yet calculated |
CVE-2024-45516 |
| n/a–n/a |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read. |
2025-05-15 |
not yet calculated |
CVE-2024-52877 |
| n/a–n/a |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read. |
2025-05-15 |
not yet calculated |
CVE-2024-52878 |
| n/a–n/a |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read. |
2025-05-15 |
not yet calculated |
CVE-2024-52879 |
| n/a–n/a |
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted. |
2025-05-15 |
not yet calculated |
CVE-2024-52880 |
| n/a–n/a |
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php. |
2025-05-14 |
not yet calculated |
CVE-2024-54779 |
| n/a–n/a |
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter. |
2025-05-14 |
not yet calculated |
CVE-2024-54780 |
| n/a–n/a |
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file. |
2025-05-12 |
not yet calculated |
CVE-2024-55466 |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes. |
2025-05-14 |
not yet calculated |
CVE-2024-55569 |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target. |
2025-05-14 |
not yet calculated |
CVE-2024-56427 |
| n/a–n/a |
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method. |
2025-05-12 |
not yet calculated |
CVE-2024-56523 |
| n/a–n/a |
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request. |
2025-05-12 |
not yet calculated |
CVE-2024-56524 |
| n/a–n/a |
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. |
2025-05-13 |
not yet calculated |
CVE-2024-56526 |
| n/a–n/a |
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
2025-05-14 |
not yet calculated |
CVE-2024-57096 |
| n/a–n/a |
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized “reason” field and a derivable device key generated from the public SSH key. |
2025-05-14 |
not yet calculated |
CVE-2024-57273 |
| n/a–n/a |
Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor. |
2025-05-14 |
not yet calculated |
CVE-2024-58101 |
| n/a–n/a |
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. |
2025-05-14 |
not yet calculated |
CVE-2025-25370 |
| n/a–n/a |
An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Incorrect handling of undefined values leads to a Denial of Service. |
2025-05-14 |
not yet calculated |
CVE-2025-26783 |
| n/a–n/a |
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes. |
2025-05-14 |
not yet calculated |
CVE-2025-26784 |
| n/a–n/a |
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes. |
2025-05-14 |
not yet calculated |
CVE-2025-26785 |
| n/a–n/a |
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. |
2025-05-12 |
not yet calculated |
CVE-2025-26841 |
| n/a–n/a |
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. |
2025-05-12 |
not yet calculated |
CVE-2025-26846 |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets. |
2025-05-14 |
not yet calculated |
CVE-2025-27891 |
| n/a–n/a |
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit |
2025-05-13 |
not yet calculated |
CVE-2025-28055 |
| n/a–n/a |
rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. |
2025-05-13 |
not yet calculated |
CVE-2025-28056 |
| n/a–n/a |
owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order. |
2025-05-13 |
not yet calculated |
CVE-2025-28057 |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java. |
2025-05-14 |
not yet calculated |
CVE-2025-29686 |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java. |
2025-05-14 |
not yet calculated |
CVE-2025-29688 |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java. |
2025-05-14 |
not yet calculated |
CVE-2025-29689 |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java. |
2025-05-14 |
not yet calculated |
CVE-2025-29690 |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java. |
2025-05-14 |
not yet calculated |
CVE-2025-29691 |
| n/a–n/a |
mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
2025-05-14 |
not yet calculated |
CVE-2025-32363 |
| n/a–n/a |
Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor. |
2025-05-16 |
not yet calculated |
CVE-2025-32407 |
| n/a–n/a |
An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. |
2025-05-12 |
not yet calculated |
CVE-2025-44022 |
| n/a–n/a |
Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process |
2025-05-14 |
not yet calculated |
CVE-2025-44024 |
| n/a–n/a |
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication. |
2025-05-13 |
not yet calculated |
CVE-2025-44039 |
| n/a–n/a |
FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the Forum Description Field in admin_forums.php. |
2025-05-15 |
not yet calculated |
CVE-2025-44110 |
| n/a–n/a |
Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. |
2025-05-12 |
not yet calculated |
CVE-2025-44175 |
| n/a–n/a |
Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. |
2025-05-12 |
not yet calculated |
CVE-2025-44176 |
| n/a–n/a |
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}. |
2025-05-15 |
not yet calculated |
CVE-2025-44180 |
| n/a–n/a |
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter. |
2025-05-15 |
not yet calculated |
CVE-2025-44181 |
| n/a–n/a |
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber’ in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code. |
2025-05-15 |
not yet calculated |
CVE-2025-44182 |
| n/a–n/a |
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters. |
2025-05-15 |
not yet calculated |
CVE-2025-44183 |
| n/a–n/a |
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. |
2025-05-14 |
not yet calculated |
CVE-2025-44184 |
| n/a–n/a |
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter. |
2025-05-15 |
not yet calculated |
CVE-2025-44185 |
| n/a–n/a |
SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page. |
2025-05-14 |
not yet calculated |
CVE-2025-44186 |
| n/a–n/a |
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. |
2025-05-12 |
not yet calculated |
CVE-2025-44830 |
| n/a–n/a |
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. |
2025-05-13 |
not yet calculated |
CVE-2025-44831 |
| n/a–n/a |
WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
2025-05-14 |
not yet calculated |
CVE-2025-44879 |
| n/a–n/a |
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. |
2025-05-13 |
not yet calculated |
CVE-2025-45746 |
| n/a–n/a |
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. |
2025-05-12 |
not yet calculated |
CVE-2025-45779 |
| n/a–n/a |
A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. |
2025-05-12 |
not yet calculated |
CVE-2025-45835 |
| n/a–n/a |
EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. |
2025-05-13 |
not yet calculated |
CVE-2025-45857 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. |
2025-05-13 |
not yet calculated |
CVE-2025-45858 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45859 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45861 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45863 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45864 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45865 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45866 |
| n/a–n/a |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. |
2025-05-13 |
not yet calculated |
CVE-2025-45867 |
| n/a–n/a |
An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php |
2025-05-15 |
not yet calculated |
CVE-2025-46052 |
| n/a–n/a |
A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php |
2025-05-15 |
not yet calculated |
CVE-2025-46053 |
| n/a–n/a |
ARTEC EMA Mail 6.92 allows CSRF. |
2025-05-12 |
not yet calculated |
CVE-2025-46610 |
| n/a–n/a |
Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. |
2025-05-12 |
not yet calculated |
CVE-2025-46611 |
| n/a–n/a |
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). |
2025-05-13 |
not yet calculated |
CVE-2025-47204 |
| Naukowa i Akademicka Sie Komputerowa – Pastwowy Instytut Badawczy–EZD RP |
Unauthorized access to “/api/Token/gettoken” endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024). |
2025-05-14 |
not yet calculated |
CVE-2025-4430 |
| ollama–ollama/ollama |
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash. |
2025-05-16 |
not yet calculated |
CVE-2025-1975 |
| OpenText–Advance Authentication |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5 |
2025-05-14 |
not yet calculated |
CVE-2024-10864 |
| OpenText–Advance Authentication |
Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5. |
2025-05-14 |
not yet calculated |
CVE-2024-10865 |
| OPKSSH–OPKSSH |
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. |
2025-05-13 |
not yet calculated |
CVE-2025-3757 |
| OPKSSH–OPKSSH |
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication. |
2025-05-13 |
not yet calculated |
CVE-2025-4658 |
| OPSWAT–MetaDefender Endpoint Security SDK |
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtectâ„¢ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit. |
2025-05-14 |
not yet calculated |
CVE-2025-0131 |
| OZI-Project–publish |
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2. |
2025-05-12 |
not yet calculated |
CVE-2025-47271 |
| pallets–flask |
Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue. |
2025-05-13 |
not yet calculated |
CVE-2025-47278 |
| Palo Alto Networks–Cloud NGFW |
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. |
2025-05-14 |
not yet calculated |
CVE-2025-0130 |
| Palo Alto Networks–Cloud NGFW |
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use. |
2025-05-14 |
not yet calculated |
CVE-2025-0136 |
| Palo Alto Networks–Cloud NGFW |
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . |
2025-05-14 |
not yet calculated |
CVE-2025-0137 |
| Palo Alto Networks–Cortex XDR Broker VM |
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue. |
2025-05-14 |
not yet calculated |
CVE-2025-0132 |
| Palo Alto Networks–Cortex XDR Broker VM |
A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM. |
2025-05-14 |
not yet calculated |
CVE-2025-0134 |
| Palo Alto Networks–GlobalProtect App |
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtectâ„¢ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. |
2025-05-14 |
not yet calculated |
CVE-2025-0135 |
| Palo Alto Networks–PAN-OS |
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtectâ„¢ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft-particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal. For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005 . There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN. |
2025-05-14 |
not yet calculated |
CVE-2025-0133 |
| Palo Alto Networks–Prisma Cloud Compute Edition |
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue. |
2025-05-14 |
not yet calculated |
CVE-2025-0138 |
| Peergos–Peergos |
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0. |
2025-05-14 |
not yet calculated |
CVE-2025-4639 |
| PNETLab–PNETLab |
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory. |
2025-05-16 |
not yet calculated |
CVE-2025-40629 |
| PointCloudLibrary–pcl |
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. |
2025-05-14 |
not yet calculated |
CVE-2025-4638 |
| PointCloudLibrary–pcl |
Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. |
2025-05-14 |
not yet calculated |
CVE-2025-4640 |
| pypa–setuptools |
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. |
2025-05-17 |
not yet calculated |
CVE-2025-47273 |
| Python Software Foundation–CPython |
There is an issue in CPython when using `bytes.decode(“unicode_escape”, error=”ignore|replace”)`. If you are not using the “unicode_escape” encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. |
2025-05-15 |
not yet calculated |
CVE-2025-4516 |
| Ricoh Company, Ltd.–The specific versions of laser printers and MFPs which implement Web Image Monitor |
Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendor under [References]. |
2025-05-12 |
not yet calculated |
CVE-2025-41393 |
| Schneider Electric–EcoStruxure Power Build Rapsody software |
CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. |
2025-05-13 |
not yet calculated |
CVE-2025-3916 |
| SonicWall–SMA1000 |
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location. |
2025-05-14 |
not yet calculated |
CVE-2025-40595 |
| stacklok–toolhive |
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time – other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux). |
2025-05-12 |
not yet calculated |
CVE-2025-47274 |
| sulu–sulu |
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually. |
2025-05-14 |
not yet calculated |
CVE-2025-47778 |
| TECNO–com.transsion.aivoiceassistant |
Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. |
2025-05-15 |
not yet calculated |
CVE-2025-4737 |
| The GNU C Library–glibc |
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). |
2025-05-16 |
not yet calculated |
CVE-2025-4802 |
| The Qt Company–Qt |
Improper Link Resolution Before File Access (‘Link Following’) vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile.This issue affects all version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, 6.9.0 |
2025-05-16 |
not yet calculated |
CVE-2025-4211 |
| umbraco–Umbraco.Forms.Issues |
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the ‘Send email’ workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all (supported) versions Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can workaround this issue by using the `Send email with template (Razor)` workflow instead or writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability. |
2025-05-13 |
not yet calculated |
CVE-2025-47280 |
| Unknown–360 Product Rotation |
The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2024-13823 |
| Unknown–aBitGone CommentSafe |
The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2023-7174 |
| Unknown–Add SVG Support for Media Uploader | inventivo |
The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2025-05-15 |
not yet calculated |
CVE-2023-7088 |
| Unknown–Advance Post Prefix |
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12734 |
| Unknown–Advance Post Prefix |
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-12735 |
| Unknown–Advanced Cron Manager |
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-4004 |
| Unknown–Advanced Page Visit Counter |
The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2023-5529 |
| Unknown–Advanced Schedule Posts |
The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins. |
2025-05-15 |
not yet calculated |
CVE-2024-0249 |
| Unknown–AffiliateImporterEb |
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12732 |
| Unknown–AffiliateImporterEb |
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12733 |
| Unknown–AHAthat Plugin |
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-11269 |
| Unknown–AI ChatBot for WordPress |
The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2025-0329 |
| Unknown–Ajax Search Lite |
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8619 |
| Unknown–Allow SVG |
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2025-05-15 |
not yet calculated |
CVE-2023-6541 |
| Unknown–ApplyOnline |
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain |
2025-05-15 |
not yet calculated |
CVE-2024-10098 |
| Unknown–Auto Affiliate Links |
The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-9838 |
| Unknown–Auto Prune Posts |
The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10639 |
| Unknown–AVIF Uploader |
The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2025-05-15 |
not yet calculated |
CVE-2024-9238 |
| Unknown–AWeber |
The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13313 |
| Unknown–BabelZ |
The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-8095 |
| Unknown–Backup Database |
The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8702 |
| Unknown–Badgearoo |
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-13828 |
| Unknown–Badgearoo |
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2025-1033 |
| Unknown–Better Follow Button for Jetpack |
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2023-7168 |
| Unknown–BTEV |
The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-10677 |
| Unknown–buddyboss-platform |
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts |
2025-05-15 |
not yet calculated |
CVE-2024-12767 |
| Unknown–Calculated Fields Form |
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13382 |
| Unknown–Carousel, Slider, Gallery by WP Carousel |
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-4002 |
| Unknown–Clasify Classified Listing |
The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12725 |
| Unknown–ClickSold IDX |
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-7769 |
| Unknown–ClipArt |
The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12726 |
| Unknown–CM Tooltip Glossary |
The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-5026 |
| Unknown–Competition Form |
The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-12750 |
| Unknown–Connexion Logs |
The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-11372 |
| Unknown–Connexion Logs |
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-11373 |
| Unknown–Contact Form builder with drag & drop for WordPress |
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks. |
2025-05-16 |
not yet calculated |
CVE-2025-3201 |
| Unknown–Contact Form, Survey, Quiz & Popup Form Builder |
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-10504 |
| Unknown–coreActivity: Activity Logging for WordPress |
The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin |
2025-05-15 |
not yet calculated |
CVE-2024-0852 |
| Unknown–Countdown Timer for WordPress Block Editor |
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-10631 |
| Unknown–CSV Mass Importer |
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) |
2025-05-17 |
not yet calculated |
CVE-2025-4190 |
| Unknown–CTT Expresso para WooCommerce |
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6478 |
| Unknown–Custom Author Base |
The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-8050 |
| Unknown–Custom Field Manager |
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12873 |
| Unknown–CYAN Backup |
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9662 |
| Unknown–CYAN Backup |
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9663 |
| Unknown–Ditty |
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13357 |
| Unknown–DL Robots.txt |
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-6797 |
| Unknown–DL Verification |
The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-6798 |
| Unknown–DL Yandex Metrika |
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6462 |
| Unknown–Download HTML TinyMCE Button |
The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2025-1286 |
| Unknown–Download Manager |
The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2025-05-15 |
not yet calculated |
CVE-2024-8284 |
| Unknown–Easy Property Listings |
The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-2869 |
| Unknown–edd-google-sheet-connector-pro |
The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2023-2334 |
| Unknown–EKC Tournament Manager |
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-9709 |
| Unknown–EKC Tournament Manager |
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-9711 |
| Unknown–EKC Tournament Manager |
The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory |
2025-05-15 |
not yet calculated |
CVE-2024-9765 |
| Unknown–Event Calendar |
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. |
2025-05-15 |
not yet calculated |
CVE-2024-8700 |
| Unknown–Event Tickets with Ticket Scanner |
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks |
2025-05-15 |
not yet calculated |
CVE-2024-6711 |
| Unknown–EventPrime |
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce. |
2025-05-15 |
not yet calculated |
CVE-2024-4665 |
| Unknown–events-calendar |
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8701 |
| Unknown–Everest Forms |
The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8542 |
| Unknown–Firelight Lightbox |
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well. |
2025-05-12 |
not yet calculated |
CVE-2025-3597 |
| Unknown–Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme |
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-2643 |
| Unknown–Form Maker by 10Web |
The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13053 |
| Unknown–Free Booking Plugin for Hotels, Restaurants and Car Rentals |
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-9450 |
| Unknown–Full Screen (Page) Background Image Slideshow |
The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11221 |
| Unknown–FunnelKit |
The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2025-2203 |
| Unknown–GamiPress |
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-8245 |
| Unknown–Genesis Blocks |
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-3901 |
| Unknown–Geocache Stat Bar Widget |
The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11266 |
| Unknown–Giveaways and Contests by RafflePress |
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10107 |
| Unknown–Happyforms |
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10054 |
| Unknown–HD Quiz |
The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13383 |
| Unknown–Hubbub Lite |
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10145 |
| Unknown–Hustle |
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2025-05-15 |
not yet calculated |
CVE-2024-8492 |
| Unknown–Icegram Engage |
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13482 |
| Unknown–Icegram Engage |
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13486 |
| Unknown–If-So Dynamic Content Personalization |
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-5440 |
| Unknown–illi Link Party! |
The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2023-7228 |
| Unknown–illi Link Party! |
The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2023-7229 |
| Unknown–illi Link Party! |
The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2023-7230 |
| Unknown–illi Link Party! |
The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. |
2025-05-15 |
not yet calculated |
CVE-2023-7231 |
| Unknown–ImageMagick Engine |
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the “cli_path” parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code execution. |
2025-05-15 |
not yet calculated |
CVE-2024-6486 |
| Unknown–IP Based Login |
The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12800 |
| Unknown–JavaScript Logic |
The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-8090 |
| Unknown–Jetpack |
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block. |
2025-05-15 |
not yet calculated |
CVE-2024-10075 |
| Unknown–Jetpack |
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks |
2025-05-15 |
not yet calculated |
CVE-2024-10076 |
| Unknown–Jetpack Boost |
The ‘wp_ajax_boost_proxy_ig’ action allows administrators to make GET requests to arbitrary URLs. |
2025-05-15 |
not yet calculated |
CVE-2024-6584 |
| Unknown–Joy Of Text Lite |
The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-7984 |
| Unknown–JSFiddle Shortcode |
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-10818 |
| Unknown–JSP Store Locator |
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform SQL injection attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-11267 |
| Unknown–JSP Store Locator |
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-12301 |
| Unknown–jwp-a11y |
The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11190 |
| Unknown–KBucket: Your Curated Content in WordPress |
The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6665 |
| Unknown–KBucket: Your Curated Content in WordPress |
The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. |
2025-05-15 |
not yet calculated |
CVE-2024-6667 |
| Unknown–LearnPress |
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13127 |
| Unknown–LearnPress |
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13128 |
| Unknown–LifterLMS |
The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-13619 |
| Unknown–LightPress Lightbox |
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks. |
2025-05-12 |
not yet calculated |
CVE-2025-3649 |
| Unknown–LogDash Activity Log |
The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn’t escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker |
2025-05-15 |
not yet calculated |
CVE-2023-6030 |
| Unknown–Logo Slider |
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-9233 |
| Unknown–MailPoet |
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12743 |
| Unknown–MapFig Studio |
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-6712 |
| Unknown–MapPress Maps for WordPress |
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8620 |
| Unknown–Marketing Twitter Bot |
The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2023-7197 |
| Unknown–Maspik |
The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
2025-05-15 |
not yet calculated |
CVE-2024-9182 |
| Unknown–MB Custom Post Types & Custom Taxonomies |
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10143 |
| Unknown–Melapress File Monitor |
The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-10009 |
| Unknown–Melapress File Monitor |
The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-9879 |
| Unknown–MemberSpace |
The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2024-13727 |
| Unknown–Mobile Contact Bar |
The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12739 |
| Unknown–Nested Pages |
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8759 |
| Unknown–Ninja Pages |
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2025-1454 |
| Unknown–Nokaut Offers Box |
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-10632 |
| Unknown–Nokaut Offers Box |
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-10634 |
| Unknown–Ntz Antispam |
The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-8094 |
| Unknown–Offload Videos |
The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-6719 |
| Unknown–Page Builder: Pagelayer |
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2025-05-15 |
not yet calculated |
CVE-2024-8426 |
| Unknown–Page Builder: Pagelayer |
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8618 |
| Unknown–Panorama |
The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11843 |
| Unknown–Payment Gateway for Telcell |
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue |
2025-05-15 |
not yet calculated |
CVE-2023-6786 |
| Unknown–PeoplePond |
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-8085 |
| Unknown–Photo Gallery by 10Web |
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8670 |
| Unknown–Photo Gallery, Images, Slider in Rbs Image Gallery |
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10144 |
| Unknown–Photo Gallery, Images, Slider in Rbs Image Gallery |
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13384 |
| Unknown–Planning Center Online Giving |
The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-11502 |
| Unknown–Plugin Oficial |
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2025-1289 |
| Unknown–Plugin Oficial |
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2025-1303 |
| Unknown–Podlove Podcast Publisher |
The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13729 |
| Unknown–Podlove Podcast Publisher |
The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13730 |
| Unknown–Polls CP |
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8851 |
| Unknown–Polls CP |
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8854 |
| Unknown–Popup Box |
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9599 |
| Unknown–Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry |
The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-9645 |
| Unknown–PowerPress Podcasting plugin by Blubrry |
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
2025-05-15 |
not yet calculated |
CVE-2024-9227 |
| Unknown–Prisna GWT |
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12679 |
| Unknown–Prisna GWT |
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12680 |
| Unknown–ProfilePro |
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks |
2025-05-15 |
not yet calculated |
CVE-2024-6668 |
| Unknown–Push Notification for Post and BuddyPress |
The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection |
2025-05-15 |
not yet calculated |
CVE-2024-6159 |
| Unknown–PVN Auth Popup |
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6713 |
| Unknown–PVN Auth Popup |
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks |
2025-05-15 |
not yet calculated |
CVE-2024-6718 |
| Unknown–PWA for WP |
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-7759 |
| Unknown–Quiz Maker |
The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-8617 |
| Unknown–Real WP Shop Lite Ajax eCommerce Shopping Cart |
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11140 |
| Unknown–RegistrationMagic |
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9390 |
| Unknown–Responsive Contact Form Builder & Lead Generation Plugin |
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10475 |
| Unknown–Responsive Gallery Grid |
The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
2025-05-15 |
not yet calculated |
CVE-2024-4091 |
| Unknown–Responsive Lightbox & Gallery |
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2025-3742 |
| Unknown–S3Player |
The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2024-13865 |
| Unknown–Sailthru Triggermail |
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11141 |
| Unknown–Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses |
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9882 |
| Unknown–Save as Image Plugin by Pdfcrowd |
The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-3062 |
| Unknown–Secure Downloads |
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php. |
2025-05-15 |
not yet calculated |
CVE-2024-8031 |
| Unknown–Sensei LMS |
The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page |
2025-05-15 |
not yet calculated |
CVE-2024-8009 |
| Unknown–Simple Basic Contact Form |
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12716 |
| Unknown–Simple Job Board |
In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor |
2025-05-15 |
not yet calculated |
CVE-2024-7761 |
| Unknown–Simple Job Board |
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes |
2025-05-15 |
not yet calculated |
CVE-2024-7762 |
| Unknown–Simple Lightbox |
The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-16 |
not yet calculated |
CVE-2025-3516 |
| Unknown–Simple Nav Archives |
The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-8398 |
| Unknown–Simple Share |
The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-7556 |
| Unknown–Simple Video Directory |
The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. |
2025-05-15 |
not yet calculated |
CVE-2024-6809 |
| Unknown–Smart Post Show |
The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-3996 |
| Unknown–Smart Post Show |
The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8187 |
| Unknown–Smooth Gallery Replacement |
The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-8032 |
| Unknown–Social Media Share Buttons & Social Sharing Icons |
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-10362 |
| Unknown–Social Share And Social Locker |
The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11189 |
| Unknown–Social Slider Feed |
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-10149 |
| Unknown–Spiritual Gifts Survey (and optional S.H.A.P.E survey) |
The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2025-0687 |
| Unknown–Spiritual Gifts Survey (and optional S.H.A.P.E survey) |
The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. |
2025-05-15 |
not yet calculated |
CVE-2025-0688 |
| Unknown–Stylish Price List |
The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-7758 |
| Unknown–SVG Uploads Support |
The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2025-05-15 |
not yet calculated |
CVE-2023-7086 |
| Unknown–tarteaucitron-wp |
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-11718 |
| Unknown–tarteaucitron-wp |
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-11719 |
| Unknown–Taskbuilder |
The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2024-9831 |
| Unknown–Team |
The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-9236 |
| Unknown–The Events Calendar |
The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-8493 |
| Unknown–The GDPR Framework By Data443 |
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13621 |
| Unknown–Top Comments |
The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12874 |
| Unknown–Tracking Code Manager |
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6335 |
| Unknown–Travelpayouts: All Travel Brands in One Place |
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
2025-05-15 |
not yet calculated |
CVE-2023-5932 |
| Unknown–Travelpayouts: All Travel Brands in One Place |
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2023-5934 |
| Unknown–Twitter Bootstrap Collapse aka Accordian Shortcode |
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-12722 |
| Unknown–TwitterPosts |
The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2023-7297 |
| Unknown–Ultimate Noindex Nofollow Tool |
The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2023-7196 |
| Unknown–Ultimate Noindex Nofollow Tool II |
The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-1663 |
| Unknown–User Activity Tracking and Log |
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. |
2025-05-15 |
not yet calculated |
CVE-2024-0970 |
| Unknown–User Profile Builder |
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks. |
2025-05-15 |
not yet calculated |
CVE-2024-6708 |
| Unknown–VikBooking Hotel Booking Engine & PMS |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-13616 |
| Unknown–wccp-pro |
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites |
2025-05-15 |
not yet calculated |
CVE-2024-6690 |
| Unknown–wccp-pro |
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-6693 |
| Unknown–webtoffee-gdpr-cookie-consent |
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks |
2025-05-15 |
not yet calculated |
CVE-2024-8286 |
| Unknown–webtoffee-gdpr-cookie-consent |
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the ‘Consent report’ page and the malicious script is executed in the admin context. |
2025-05-15 |
not yet calculated |
CVE-2024-8397 |
| Unknown–Wholesale Market |
The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack |
2025-05-16 |
not yet calculated |
CVE-2022-4363 |
| Unknown–Widgets Reset |
The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2024-8082 |
| Unknown–WolfNet IDX for WordPress |
The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2023-6783 |
| Unknown–WOOEXIM |
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2025-1288 |
| Unknown–WordPress |
The WordPressè¿žæŽ¥å¾®åš WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2024-12282 |
| Unknown–WP Dashboard Notes |
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users. |
2025-05-15 |
not yet calculated |
CVE-2023-7239 |
| Unknown–WP DeskLite |
The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2025-05-15 |
not yet calculated |
CVE-2024-12724 |
| Unknown–WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12808 |
| Unknown–WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees. |
2025-05-15 |
not yet calculated |
CVE-2024-12812 |
| Unknown–WP Google Review Slider |
The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-11109 |
| Unknown–WP ULike |
The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2025-05-15 |
not yet calculated |
CVE-2024-12770 |
| Unknown–WP-PManager |
The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2025-05-15 |
not yet calculated |
CVE-2025-2247 |
| Unknown–WP-PManager |
The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks |
2025-05-15 |
not yet calculated |
CVE-2025-2248 |
| Unknown–WP-Reply Notify |
The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
2025-05-15 |
not yet calculated |
CVE-2023-7195 |
| Unknown–Z-Downloads |
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. |
2025-05-15 |
not yet calculated |
CVE-2024-8673 |
| Unknown–Z-Downloads |
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) |
2025-05-15 |
not yet calculated |
CVE-2024-8699 |
| Unknown–Z-Downloads |
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs. |
2025-05-15 |
not yet calculated |
CVE-2024-8703 |
| VMware–Bitnami |
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an ‘repmgr’ user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart. |
2025-05-13 |
not yet calculated |
CVE-2025-22248 |
| vyperlang–vyper |
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero. In practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b””`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b”” if self.do_some_side_effect() else b””`. The fix is available in pull request 4644 and expected to be part of the 0.4.2 release. As a workaround, don’t have side effects in expressions which construct zero-length bytestrings. |
2025-05-15 |
not yet calculated |
CVE-2025-47285 |
| vyperlang–vyper |
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `
.code`). The reason is that for these source locations, the check that `length >= 1` is skipped. The result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0. The impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. The fix in pull request 4645 disallows any invocation of `slice()` with length 0, including for the ad hoc locations discussed in this advisory. The fix is expected to be part of version 0.4.2.
|
2025-05-15 |
not yet calculated |
CVE-2025-47774 |
| WatchGuard–Fireware OS |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. |
2025-05-16 |
not yet calculated |
CVE-2025-4804 |
| WatchGuard–Fireware OS |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. |
2025-05-16 |
not yet calculated |
CVE-2025-4805 |
| zulip–zulip |
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the “Who can create public channels” access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the “private” radio button as disabled in such cases. Version 10.3 contains a patch. |
2025-05-15 |
not yet calculated |
CVE-2025-47930 |
