Export limit exceeded: 332977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (332977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47643 | 2025-05-08 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2. | ||||
| CVE-2025-47606 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways allows Cross Site Request Forgery. This issue affects Simple Giveaways: from n/a through 2.48.2. | ||||
| CVE-2025-26168 | 2025-05-08 | 8.1 High | ||
| IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten. | ||||
| CVE-2025-47669 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.12. | ||||
| CVE-2025-47655 | 2025-05-08 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7. | ||||
| CVE-2025-47649 | 2025-05-08 | 8.8 High | ||
| Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | ||||
| CVE-2025-47592 | 2025-05-08 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lehel Mátyus Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL allows Stored XSS. This issue affects Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL: from n/a through 2.0.3. | ||||
| CVE-2025-3759 | 2025-05-08 | N/A | ||
| Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47691 | 2025-05-08 | 5.5 Medium | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3. | ||||
| CVE-2025-47647 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18. | ||||
| CVE-2025-40846 | 2025-05-08 | N/A | ||
| Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21 | ||||
| CVE-2025-47605 | 2025-05-08 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty WP jQuery DataTable allows Stored XSS. This issue affects WP jQuery DataTable: from n/a through 4.1.0. | ||||
| CVE-2025-47602 | 2025-05-08 | 5.4 Medium | ||
| Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5. | ||||
| CVE-2025-47596 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture allows Cross Site Request Forgery. This issue affects Beacon Lead Magnets and Lead Capture: from n/a through 1.5.8. | ||||
| CVE-2025-47594 | 2025-05-08 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5. | ||||
| CVE-2025-47593 | 2025-05-08 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonas Hjalmarsson Really Simple Under Construction Page allows Stored XSS. This issue affects Really Simple Under Construction Page: from n/a through 1.4.6. | ||||
| CVE-2025-47679 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40. | ||||
| CVE-2025-47677 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25. | ||||
| CVE-2025-47589 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows DOM-Based XSS. This issue affects Ebook Store: from n/a through 5.8007. | ||||
| CVE-2025-47659 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1. | ||||