Total
317400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62914 | 2025-11-06 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1. | |||||
| CVE-2025-62018 | 2025-11-06 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0. | |||||
| CVE-2025-64114 | 2025-11-06 | N/A | 6.5 MEDIUM | ||
| ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom Fields plugin to be installed and accessible, and can only be exploited by users with administrative access to the plugin interface. This issue is fixed in version 5.5.2 - #. | |||||
| CVE-2025-53324 | 2025-11-06 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7. | |||||
| CVE-2025-64196 | 2025-11-06 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5. | |||||
| CVE-2025-61994 | 2025-11-06 | N/A | 5.4 MEDIUM | ||
| Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page. | |||||
| CVE-2025-54737 | 2025-11-06 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8. | |||||
| CVE-2025-55278 | 2025-11-06 | N/A | 8.1 HIGH | ||
| Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges. | |||||
| CVE-2025-12556 | 2025-11-06 | N/A | 8.8 HIGH | ||
| An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine. | |||||
| CVE-2025-49904 | 2025-11-06 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: from n/a through <= 2.5.3. | |||||
| CVE-2025-64198 | 2025-11-06 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through < 10.7.1. | |||||
| CVE-2025-62031 | 2025-11-06 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1. | |||||
| CVE-2025-60207 | 2025-11-06 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2. | |||||
| CVE-2025-62037 | 2025-11-06 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | |||||
| CVE-2025-54719 | 2025-11-06 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2. | |||||
| CVE-2025-62059 | 2025-11-06 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank.This issue affects SureRank: from n/a through <= 1.3.2. | |||||
| CVE-2025-48089 | 2025-11-06 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0. | |||||
| CVE-2025-63334 | 2025-11-06 | N/A | 9.8 CRITICAL | ||
| PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execute arbitrary commands with root privileges on the underlying system. | |||||
| CVE-2025-62032 | 2025-11-06 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through < 3.9.2. | |||||
| CVE-2025-62066 | 2025-11-06 | N/A | 7.4 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8. | |||||