Total
309168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58615 | 2025-09-04 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0. | |||||
| CVE-2025-58597 | 2025-09-04 | N/A | 4.3 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6. | |||||
| CVE-2025-7388 | 2025-09-04 | N/A | 8.4 HIGH | ||
| It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property with inadequate input validation leading to OS command injection. | |||||
| CVE-2025-8268 | 2025-09-04 | N/A | 6.5 MEDIUM | ||
| The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users. | |||||
| CVE-2025-58598 | 2025-09-04 | N/A | 6.6 MEDIUM | ||
| Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8. | |||||
| CVE-2025-58640 | 2025-09-04 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine allows Stored XSS. This issue affects Document Engine: from n/a through 1.2. | |||||
| CVE-2025-58630 | 2025-09-04 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0. | |||||
| CVE-2025-9365 | 2025-09-04 | N/A | 7.8 HIGH | ||
| Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2025-9516 | 2025-09-04 | N/A | 4.9 MEDIUM | ||
| The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the originally intended directory. | |||||
| CVE-2025-56752 | 2025-09-04 | N/A | 9.4 CRITICAL | ||
| A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to /user.cgi. | |||||
| CVE-2025-57263 | 2025-09-04 | N/A | 7.2 HIGH | ||
| An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. | |||||
| CVE-2025-36193 | 2025-09-04 | N/A | 8.4 HIGH | ||
| IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image. | |||||
| CVE-2025-58603 | 2025-09-04 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574. | |||||
| CVE-2025-58634 | 2025-09-04 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4. | |||||
| CVE-2025-58604 | 2025-09-04 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5. | |||||
| CVE-2025-58622 | 2025-09-04 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0. | |||||
| CVE-2025-9931 | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9935 | 2025-09-04 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-58626 | 2025-09-04 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5. | |||||
| CVE-2025-58606 | 2025-09-04 | N/A | 5.0 MEDIUM | ||
| Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0. | |||||