Total
304017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54018 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4. | |||||
| CVE-2025-28961 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7. | |||||
| CVE-2025-54016 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3. | |||||
| CVE-2025-49031 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan M. SMu Manual DoFollow allows Reflected XSS. This issue affects SMu Manual DoFollow: from n/a through 1.8.1. | |||||
| CVE-2025-48291 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 26.0.6. | |||||
| CVE-2025-54020 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3. | |||||
| CVE-2025-29000 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8. | |||||
| CVE-2025-7673 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. | |||||
| CVE-2025-48167 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5. | |||||
| CVE-2025-48339 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | |||||
| CVE-2025-5845 | 2025-07-16 | N/A | 6.4 MEDIUM | ||
| The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-54037 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4. | |||||
| CVE-2025-30949 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through 1.0.4. | |||||
| CVE-2025-49884 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8. | |||||
| CVE-2025-53757 | 2025-07-16 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device. | |||||
| CVE-2025-49319 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3. | |||||
| CVE-2025-54041 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7. | |||||
| CVE-2025-52803 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | |||||
| CVE-2025-30936 | 2025-07-16 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9. | |||||
| CVE-2025-48166 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48. | |||||