Search Results (334636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47910 | 2 Go Standard Library, Golang | 3 Net/http, Http2, Net | 2025-09-24 | 5.4 Medium |
| When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2025-57958 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through 1.0.17. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2025-09-24 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. | ||||
| CVE-2025-57957 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in wpcraft WooMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through 9.12. | ||||
| CVE-2025-10630 | 2 Grafana, Zabbix | 2 Grafana, Zabbix | 2025-09-24 | 4.3 Medium |
| Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana that allows visualizing monitoring data from Zabbix and creating dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via user-supplied regex query which could cause CPU usage to max out. This vulnerability is fixed in version 6.0.0. | ||||
| CVE-2025-57956 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12. | ||||
| CVE-2025-57955 | 2 Plugin-devs, Wordpress | 2 Post Carousel Slider For Elementor, Wordpress | 2025-09-24 | 6.5 Medium |
| Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0. | ||||
| CVE-2025-9390 | 1 Vim | 1 Vim | 2025-09-24 | 5.3 Medium |
| A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component. | ||||
| CVE-2025-57954 | 2 Ays-pro, Wordpress | 2 Poll Maker, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1. | ||||
| CVE-2025-57953 | 2 100plugins, Wordpress | 2 Open User Map, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14. | ||||
| CVE-2025-57952 | 2 Icopydoc, Wordpress | 2 Maps For Wp, Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5. | ||||
| CVE-2025-58065 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-09-24 | 6.5 Medium |
| Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider. Users should upgrade to Flask-AppBuilder version 4.8.1 or later to receive a fix. If immediate upgrade is not possible, manually disable password reset routes in the application configuration; implement additional access controls at the web server or proxy level to block access to the reset my password URL; and/or monitor for suspicious password reset attempts from disabled accounts. | ||||
| CVE-2025-10127 | 1 Daikin | 1 Security Gateway | 2025-09-24 | 9.8 Critical |
| Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials. | ||||
| CVE-2025-57951 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ken107 SiteNarrator Text-to-Speech Widget allows Stored XSS. This issue affects SiteNarrator Text-to-Speech Widget: from n/a through 1.9. | ||||
| CVE-2025-57950 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner allows Stored XSS. This issue affects Plugin Security Scanner: from n/a through 2.0.2. | ||||
| CVE-2025-57944 | 2 Skimlinks, Wordpress | 2 Affiliate Marketing Tool, Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. | ||||
| CVE-2025-9038 | | | 2025-09-24 | N/A |
| Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous versions. | ||||
| CVE-2025-57943 | 2 Skimlinks, Wordpress | 2 Affiliate Marketing Tool, Wordpress | 2025-09-24 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Server Side Request Forgery. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. | ||||
| CVE-2025-59055 | 2 Instantcms, Instantsoft | 2 Instantcms, Instantcms | 2025-09-24 | 4.7 Medium |
| InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS request to any website in the installer functionality. Due to this vulnerability it is possible, for example, to scan the local network, call local services and their functions, conduct a DoS attack, and/or disclose a server's real IP if it's behind a reverse proxy. It is also possible to exhaust server resources by sending a plethora of such requests. As of time of publication, no patched releases are available. | ||||