Export limit exceeded: 334964 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334964 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32286 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher allows PHP Local File Inclusion. This issue affects Butcher: from n/a through 2.40. | ||||
| CVE-2025-39494 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a. | ||||
| CVE-2025-31913 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami allows PHP Local File Inclusion. This issue affects Ogami: from n/a through 1.53. | ||||
| CVE-2025-47492 | 2025-05-23 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.4.3. | ||||
| CVE-2025-32309 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2. | ||||
| CVE-2025-31423 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8. | ||||
| CVE-2025-4379 | 2025-05-23 | N/A | ||
| DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version. | ||||
| CVE-2025-48289 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14. | ||||
| CVE-2025-47541 | 2025-05-23 | 7.5 High | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7. | ||||
| CVE-2025-47530 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18. | ||||
| CVE-2025-47453 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion. This issue affects WP Smart Import: from n/a through 1.1.3. | ||||
| CVE-2025-46486 | 2025-05-23 | 4.9 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7. | ||||
| CVE-2025-46444 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects Ads Pro Plugin: from n/a through 4.88. | ||||
| CVE-2025-46446 | 2025-05-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1. | ||||
| CVE-2025-32292 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11. | ||||
| CVE-2025-32289 | 2025-05-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi allows PHP Local File Inclusion. This issue affects Yozi: from n/a through 2.0.52. | ||||
| CVE-2025-31927 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5. | ||||
| CVE-2025-31049 | 2025-05-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3. | ||||
| CVE-2025-48695 | 2025-05-23 | 6.4 Medium | ||
| An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved). | ||||
| CVE-2025-4975 | 2025-05-23 | N/A | ||
| When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. | ||||