Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5880 | 2025-06-12 | 4.3 Medium | ||
| A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49275 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through 1.1.1. | ||||
| CVE-2025-48139 | 2025-06-12 | 6.5 Medium | ||
| Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4. | ||||
| CVE-2025-48125 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager allows PHP Local File Inclusion. This issue affects WP Event Manager: from n/a through 3.1.49. | ||||
| CVE-2025-47487 | 2025-06-12 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1. | ||||
| CVE-2025-47463 | 2025-06-12 | 7.1 High | ||
| Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through 2.8.6. | ||||
| CVE-2023-26005 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4. | ||||
| CVE-2025-39539 | 2025-06-12 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quitenicestuff Soho Hotel allows Reflected XSS. This issue affects Soho Hotel: from n/a through 4.2.5. | ||||
| CVE-2025-39476 | 2025-06-12 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through 4.0.26. | ||||
| CVE-2025-31429 | 2025-06-12 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1. | ||||
| CVE-2025-31061 | 2025-06-12 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0. | ||||
| CVE-2025-31057 | 2025-06-12 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 1.4.0. | ||||
| CVE-2025-31045 | 2025-06-12 | 7.5 High | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget: from n/a through 2.3.1. | ||||
| CVE-2025-28992 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton allows PHP Local File Inclusion. This issue affects SNS Anton: from n/a through 4.1. | ||||
| CVE-2025-28944 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz allows PHP Local File Inclusion. This issue affects Avaz: from n/a through 2.8. | ||||
| CVE-2025-24770 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore allows PHP Local File Inclusion. This issue affects CraftXtore: from n/a through 1.7. | ||||
| CVE-2025-24767 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | ||||
| CVE-2023-25999 | 2025-06-12 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4. | ||||
| CVE-2024-46452 | 2025-06-12 | 6.1 Medium | ||
| A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL. | ||||
| CVE-2025-49653 | 2025-06-12 | 8 High | ||
| Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. | ||||