Export limit exceeded: 334505 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334505 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334505 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58238 | 2 Ontraport, Wordpress | 2 Pilotpress, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress allows Stored XSS. This issue affects PilotPress: from n/a through 2.0.35. | ||||
| CVE-2025-58237 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard allows Stored XSS. This issue affects LC Wizard: from n/a through 1.3.0. | ||||
| CVE-2025-58236 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations allows Cross Site Request Forgery. This issue affects Force Update Translations: from n/a through 0.5. | ||||
| CVE-2024-41935 | 1 Linux | 1 Linux Kernel | 2025-09-23 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, however, if there is a huge number of extent nodes in extent tree, during shrink of extent tree, it may hold rwlock for a very long time, which may trigger kernel hang issue. This patch fixes to shrink read extent node in batches, so that, critical region of the rwlock can be shrunk to avoid its extreme long time hold. | ||||
| CVE-2025-58235 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.33. | ||||
| CVE-2025-58233 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Guaven Labs SQL Chart Builder allows DOM-Based XSS. This issue affects SQL Chart Builder: from n/a through 2.3.7.2. | ||||
| CVE-2025-58232 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ickata Image Editor by Pixo allows DOM-Based XSS. This issue affects Image Editor by Pixo: from n/a through 2.3.8. | ||||
| CVE-2025-58231 | 2 Bitly, Wordpress | 2 Bitly, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly allows Stored XSS. This issue affects Bitly: from n/a through 2.7.4. | ||||
| CVE-2025-58230 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes ZoloBlocks allows DOM-Based XSS. This issue affects ZoloBlocks: from n/a through 2.3.9. | ||||
| CVE-2025-58222 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in Maidul Team Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through 2.3.14. | ||||
| CVE-2025-58221 | 2 Ontraport, Wordpress | 2 Pilotpress, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in ONTRAPORT PilotPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through 2.0.35. | ||||
| CVE-2025-58220 | 2 Techeshta, Wordpress | 2 Card Elements For Wpbakery, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery allows DOM-Based XSS. This issue affects Card Elements for WPBakery: from n/a through 1.0.8. | ||||
| CVE-2025-58219 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0. | ||||
| CVE-2025-58200 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ allows Cross Site Request Forgery. This issue affects Flexible FAQ: from n/a through 0.2. | ||||
| CVE-2025-58199 | 2 Fastly, Wordpress | 2 Fastly, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. | ||||
| CVE-2025-58033 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leeshadle Draft allows Stored XSS. This issue affects Draft: from n/a through 3.0.9. | ||||
| CVE-2025-58032 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler allows Cross Site Request Forgery. This issue affects WP Compiler: from n/a through 1.0.0. | ||||
| CVE-2025-58031 | 2 Nextendweb, Wordpress | 2 Nextend Facebook Connect, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nextendweb Nextend Facebook Connect allows Stored XSS. This issue affects Nextend Facebook Connect : from n/a through 3.1.19. | ||||
| CVE-2025-9487 | 2 Wordpress, Wpase | 2 Wordpress, Admin And Site Enhancements | 2025-09-23 | 4.7 Medium |
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads | ||||
| CVE-2025-9541 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.7 Medium |
| The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||