Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9390 | 1 Vim | 1 Vim | 2025-09-24 | 5.3 Medium |
| A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component. | ||||
| CVE-2025-57954 | 2 Ays-pro, Wordpress | 2 Poll Maker, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1. | ||||
| CVE-2025-57953 | 2 100plugins, Wordpress | 2 Open User Map, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14. | ||||
| CVE-2025-57952 | 2 Icopydoc, Wordpress | 2 Maps For Wp, Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5. | ||||
| CVE-2025-58065 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-09-24 | 6.5 Medium |
| Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider. Users should upgrade to Flask-AppBuilder version 4.8.1 or later to receive a fix. If immediate upgrade is not possible, manually disable password reset routes in the application configuration; implement additional access controls at the web server or proxy level to block access to the reset my password URL; and/or monitor for suspicious password reset attempts from disabled accounts. | ||||
| CVE-2025-10127 | 1 Daikin | 1 Security Gateway | 2025-09-24 | 9.8 Critical |
| Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials. | ||||
| CVE-2025-57951 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ken107 SiteNarrator Text-to-Speech Widget allows Stored XSS. This issue affects SiteNarrator Text-to-Speech Widget: from n/a through 1.9. | ||||
| CVE-2025-57950 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner allows Stored XSS. This issue affects Plugin Security Scanner: from n/a through 2.0.2. | ||||
| CVE-2025-57944 | 2 Skimlinks, Wordpress | 2 Affiliate Marketing Tool, Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. | ||||
| CVE-2025-9038 | | | 2025-09-24 | N/A |
| Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous versions. | ||||
| CVE-2025-57943 | 2 Skimlinks, Wordpress | 2 Affiliate Marketing Tool, Wordpress | 2025-09-24 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Server Side Request Forgery. This issue affects Skimlinks Affiliate Marketing Tool: from n/a through 1.3. | ||||
| CVE-2025-59055 | 2 Instantcms, Instantsoft | 2 Instantcms, Instantcms | 2025-09-24 | 4.7 Medium |
| InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS request to any website in installer functionality. Due to this vulnerability it is possible, for example, to scan the local network, call local services and their functions, conduct a DoS attack, and/or disclose a server's real IP if it's behind a reverse proxy. It is also possible to exhaust server resources by sending a plethora of such requests. As of time of publication, no patched releases are available. | ||||
| CVE-2025-57941 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JonathanMH Append Link on Copy allows Stored XSS. This issue affects Append Link on Copy: from n/a through 0.2. | ||||
| CVE-2025-36082 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-09-24 | 4 Medium |
| IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. | ||||
| CVE-2025-57940 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Kumar Mukhiya Append extensions on Pages allows Stored XSS. This issue affects Append extensions on Pages: from n/a through 1.1.2. | ||||
| CVE-2025-57929 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanwei_doublethedonation Double the Donation allows Stored XSS. This issue affects Double the Donation: from n/a through 2.0.0. | ||||
| CVE-2025-57928 | 2 Strategy11, Wordpress | 2 Awp Classifieds, Wordpress | 2025-09-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5. | ||||
| CVE-2025-57927 | 2 Stephanie Leary, Wordpress | 2 Dashboard Notepad, Wordpress | 2025-09-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42. | ||||
| CVE-2025-57926 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster allows Stored XSS. This issue affects Passster: from n/a through 4.2.18. | ||||
| CVE-2025-57925 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team allows PHP Local File Inclusion. This issue affects immonex Kickstart Team: from n/a through 1.6.9. | ||||