Total: 296653 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2025-47598 | | | 2025-06-12 | N/A | 6.5 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13. |
CVE-2025-32308 | | | 2025-06-12 | N/A | 7.6 HIGH | Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through 1.5.7. |
CVE-2025-31635 | | | 2025-06-12 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6. |
CVE-2023-25999 | | | 2025-06-12 | N/A | 8.1 HIGH | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4. |
CVE-2025-49280 | | | 2025-06-12 | N/A | 8.1 HIGH | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through 1.0.6. |
CVE-2025-47651 | | | 2025-06-12 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4. |
CVE-2025-5880 | | | 2025-06-12 | 3.3 LOW | 4.3 MEDIUM | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
CVE-2025-5891 | | | 2025-06-12 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-48143 | | | 2025-06-12 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14. |
CVE-2025-40668 | | | 2025-06-12 | N/A | N/A | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty. |
CVE-2025-48130 | | | 2025-06-12 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2. |
CVE-2025-49265 | | | 2025-06-12 | N/A | 7.5 HIGH | Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1. |
CVE-2025-47487 | | | 2025-06-12 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1. |
CVE-2025-31057 | | | 2025-06-12 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 1.4.0. |
CVE-2025-31424 | | | 2025-06-12 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3. |
CVE-2025-49653 | | | 2025-06-12 | N/A | 8.0 HIGH | Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. |
CVE-2025-5918 | | | 2025-06-12 | N/A | 3.9 LOW | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. |
CVE-2025-5914 | | | 2025-06-12 | N/A | 3.9 LOW | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. |
CVE-2025-47527 | | | 2025-06-12 | N/A | 7.1 HIGH | Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18. |
CVE-2025-31050 | | | 2025-06-12 | N/A | 7.5 HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5. |