Export limit exceeded: 324781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (324781 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12938 | 1 Code-projects | 1 Simple Admin Panel | 2025-07-12 | 6.3 Medium |
| A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30577 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS. This issue affects Browser Address Bar Color: from n/a through 3.3. | ||||
| CVE-2025-23945 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Popliup allows PHP Local File Inclusion. This issue affects Popliup: from n/a through 1.1.1. | ||||
| CVE-2025-47599 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11. | ||||
| CVE-2024-5863 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to erase all of the content in arbitrary posts. | ||||
| CVE-2025-22574 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Motacek ICS Button allows Stored XSS.This issue affects ICS Button: from n/a through 0.6. | ||||
| CVE-2024-51920 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JDev Map Store Locator allows DOM-Based XSS.This issue affects Map Store Locator: from n/a through 1.2.1. | ||||
| CVE-2024-12491 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2347 | 2 Brainstormforce, Wordpress | 2 Astra, Wordpress | 2025-07-12 | 6.4 Medium |
| The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23515 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in tsecher ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ts-tree: from n/a through 0.1.1. | ||||
| CVE-2024-39534 | 1 Juniper Networks | 1 Junos Os Evolved | 2025-07-12 | 5.4 Medium |
| An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S1-EVO, * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. | ||||
| CVE-2025-23874 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Block Pack allows Reflected XSS. This issue affects WP Block Pack: from n/a through 1.1.6. | ||||
| CVE-2024-13662 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehive_objects_image_grid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22538 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0. | ||||
| CVE-2024-50342 | 1 Symfony | 1 Symfony | 2025-07-12 | 3.1 Low |
| symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26570 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9. | ||||
| CVE-2025-23523 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video allows Reflected XSS. This issue affects HSS Embed Streaming Video: from n/a through 3.23. | ||||
| CVE-2024-12572 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-51699 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Buooy Buooy Sticky Header allows Reflected XSS.This issue affects Buooy Sticky Header: from n/a through 0.5.2. | ||||
| CVE-2024-51718 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Dehnel Simple Modal allows Reflected XSS.This issue affects Simple Modal: from n/a through 0.3.3. | ||||