Vulnerabilities (CVE)

Total 296653 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-47598 2025-06-12 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13.
CVE-2025-32308 2025-06-12 N/A 7.6 HIGH
Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through 1.5.7.
CVE-2025-31635 2025-06-12 N/A 7.5 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6.
CVE-2023-25999 2025-06-12 N/A 8.1 HIGH
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4.
CVE-2025-49280 2025-06-12 N/A 8.1 HIGH
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through 1.0.6.
CVE-2025-47651 2025-06-12 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4.
CVE-2025-5880 2025-06-12 3.3 LOW 4.3 MEDIUM
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5891 2025-06-12 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-48143 2025-06-12 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14.
CVE-2025-40668 2025-06-12 N/A N/A
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.
CVE-2025-48130 2025-06-12 N/A 7.5 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.
CVE-2025-49265 2025-06-12 N/A 7.5 HIGH
Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1.
CVE-2025-47487 2025-06-12 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.
CVE-2025-31057 2025-06-12 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 1.4.0.
CVE-2025-31424 2025-06-12 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3.
CVE-2025-49653 2025-06-12 N/A 8.0 HIGH
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
CVE-2025-5918 2025-06-12 N/A 3.9 LOW
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
CVE-2025-5914 2025-06-12 N/A 3.9 LOW
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVE-2025-47527 2025-06-12 N/A 7.1 HIGH
Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18.
CVE-2025-31050 2025-06-12 N/A 7.5 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5.