Total
94732 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58836 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tikolan FW Anker allows Stored XSS. This issue affects FW Anker: from n/a through 1.2.6. | |||||
| CVE-2024-40664 | 2025-09-05 | N/A | 6.2 MEDIUM | ||
| In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-58841 | 2025-09-05 | N/A | 5.5 MEDIUM | ||
| Incorrect Privilege Assignment vulnerability in John Luetke Media Author allows Privilege Escalation. This issue affects Media Author: from n/a through 1.0.4. | |||||
| CVE-2025-58790 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi allows Stored XSS. This issue affects Kiwi: from n/a through 2.1.8. | |||||
| CVE-2025-58797 | 2025-09-05 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2. | |||||
| CVE-2025-58834 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io allows DOM-Based XSS. This issue affects short.io: from n/a through 2.4.0. | |||||
| CVE-2025-48105 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed allows Stored XSS. This issue affects Easy Flash Embed: from n/a through 1.0. | |||||
| CVE-2025-58400 | 2025-09-05 | N/A | 6.7 MEDIUM | ||
| RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | |||||
| CVE-2025-58831 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js allows Cross Site Request Forgery. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6. | |||||
| CVE-2025-7445 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs. | |||||
| CVE-2025-58840 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ibnul H. Custom Team Manager allows Stored XSS. This issue affects Custom Team Manager: from n/a through 2.4.2. | |||||
| CVE-2025-58874 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap allows DOM-Based XSS. This issue affects StoryMap: from n/a through 2.1. | |||||
| CVE-2025-53571 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.6. | |||||
| CVE-2025-58835 | 2025-09-05 | N/A | 5.3 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1. | |||||
| CVE-2025-58793 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Elementor Addons allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through 1.6. | |||||
| CVE-2025-58850 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marcshowpass Showpass WordPress Extension allows Stored XSS. This issue affects Showpass WordPress Extension: from n/a through 4.0.3. | |||||
| CVE-2025-58795 | 2025-09-05 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout allows Content Spoofing. This issue affects Payoneer Checkout: from n/a through 3.4.0. | |||||
| CVE-2025-58812 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows Stored XSS. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.3. | |||||
| CVE-2025-58787 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup allows Stored XSS. This issue affects Themify Popup: from n/a through 1.4.4. | |||||
| CVE-2025-8684 | 2025-09-05 | N/A | 6.4 MEDIUM | ||
| The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||