Export limit exceeded: 335571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48712 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | 6.5 Medium |
| In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
| CVE-2024-48713 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | 6.5 Medium |
| In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
| CVE-2024-48714 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | 6.5 Medium |
| In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
| CVE-2025-48342 | 2025-05-21 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through 2.0.3. | ||||
| CVE-2025-48341 | 2025-05-21 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33. | ||||
| CVE-2025-48288 | 2025-05-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.5. | ||||
| CVE-2025-48284 | 2025-05-21 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40. | ||||
| CVE-2025-48282 | 2025-05-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0. | ||||
| CVE-2025-48280 | 2025-05-21 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3. | ||||
| CVE-2025-48277 | 2025-05-21 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74. | ||||
| CVE-2025-48276 | 2025-05-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0. | ||||
| CVE-2025-48268 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through 1.2.6. | ||||
| CVE-2025-48265 | 2025-05-21 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11. | ||||
| CVE-2025-48260 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3. | ||||
| CVE-2025-48251 | 2025-05-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce allows Stored XSS. This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a through 3.5.1. | ||||
| CVE-2025-48250 | 2025-05-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce allows Stored XSS. This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from n/a through 1.7.7. | ||||
| CVE-2025-48248 | 2025-05-21 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products allows Stored XSS. This issue affects Sitewide Discount for WooCommerce: Apply Discount to All Products: from n/a through 2.2.1. | ||||
| CVE-2025-48247 | 2025-05-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through 3.6.15. | ||||
| CVE-2025-48246 | 2025-05-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1. | ||||
| CVE-2025-48244 | 2025-05-21 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9. | ||||