Total
291370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39390 | 2025-04-24 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8. | |||||
| CVE-2025-39387 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Opstore allows PHP Local File Inclusion. This issue affects Opstore: from n/a through 1.4.5. | |||||
| CVE-2025-39385 | 2025-04-24 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sirat: from n/a through 1.5.1. | |||||
| CVE-2025-39384 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay allows PHP Local File Inclusion. This issue affects Product Lister for eBay: from n/a through 2.0.9. | |||||
| CVE-2025-39383 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web Xews Lite allows PHP Local File Inclusion. This issue affects Xews Lite: from n/a through 1.0.9. | |||||
| CVE-2025-39382 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. | |||||
| CVE-2025-39381 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. | |||||
| CVE-2025-39379 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly allows PHP Local File Inclusion. This issue affects Capturly: from n/a through 2.0.1. | |||||
| CVE-2025-39378 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | |||||
| CVE-2025-39377 | 2025-04-24 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4. | |||||
| CVE-2025-39360 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5. | |||||
| CVE-2025-39359 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1. | |||||
| CVE-2025-32921 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5. | |||||
| CVE-2025-29568 | 2025-04-24 | N/A | 4.8 MEDIUM | ||
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | |||||
| CVE-2025-28028 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | |||||
| CVE-2025-28025 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | |||||
| CVE-2025-28022 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28021 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters | |||||
| CVE-2025-28020 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28019 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component | |||||