Export limit exceeded: 10141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58221 | 2 Ontraport, Wordpress | 2 Pilotpress, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in ONTRAPORT PilotPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through 2.0.35. | ||||
| CVE-2025-58220 | 2 Techeshta, Wordpress | 2 Card Elements For Wpbakery, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery allows DOM-Based XSS. This issue affects Card Elements for WPBakery: from n/a through 1.0.8. | ||||
| CVE-2025-58219 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0. | ||||
| CVE-2025-58200 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2. | ||||
| CVE-2025-58199 | 2 Fastly, Wordpress | 2 Fastly, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. | ||||
| CVE-2025-58033 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leeshadle Draft allows Stored XSS. This issue affects Draft: from n/a through 3.0.9. | ||||
| CVE-2025-58032 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0. | ||||
| CVE-2025-58031 | 2 Nextendweb, Wordpress | 2 Nextend Facebook Connect, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect allows Stored XSS. This issue affects Nextend Facebook Connect : from n/a through 3.1.19. | ||||
| CVE-2025-9487 | 2 Wordpress, Wpase | 2 Wordpress, Admin And Site Enhancements | 2025-09-23 | 4.7 Medium |
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads | ||||
| CVE-2025-9541 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.7 Medium |
| The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-9540 | 2 Markup Markdown Project, Wordpress | 2 Markup Markdown, Wordpress | 2025-09-23 | 4.7 Medium |
| The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-10787 | 1 Muyucms | 1 Muyucms | 2025-09-23 | 6.3 Medium |
| A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-10009 | 1 Invoiceninja | 1 Invoice Ninja | 2025-09-23 | N/A |
| Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files. | ||||
| CVE-2025-25177 | 1 Imaginationtech | 1 Graphics Ddk | 2025-09-23 | 5.1 Medium |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | ||||
| CVE-2025-9115 | 2 Etsy Shop Project, Wordpress | 2 Etsy Shop, Wordpress | 2025-09-23 | 5.6 Medium |
| The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2025-43953 | 1 2wcom | 1 Ip-4c | 2025-09-23 | 8.8 High |
| In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. | ||||
| CVE-2025-58271 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3. | ||||
| CVE-2025-58688 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4. | ||||
| CVE-2025-58646 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go allows Stored XSS. This issue affects Mobi2Go: from n/a through 1.0.0. | ||||
| CVE-2025-58680 | 2 Gutentor, Wordpress | 2 Gutentor, Wordpress | 2025-09-23 | 6.5 Medium |
| Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2. | ||||