Total
304045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7455 | 1 Campcodes | 1 Online Movie Theater Seat Reservation System | 2025-07-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_reserve.php. The manipulation of the argument mid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7456 | 1 Campcodes | 1 Online Movie Theater Seat Reservation System | 2025-07-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reserve.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-54023 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4. | |||||
| CVE-2025-28982 | 2025-07-16 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | |||||
| CVE-2025-48301 | 2025-07-16 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5. | |||||
| CVE-2025-49034 | 2025-07-16 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.10.2. | |||||
| CVE-2025-40776 | 2025-07-16 | N/A | 8.6 HIGH | ||
| A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1. | |||||
| CVE-2025-54035 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10. | |||||
| CVE-2025-54018 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4. | |||||
| CVE-2025-28961 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7. | |||||
| CVE-2025-54016 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3. | |||||
| CVE-2025-49031 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan M. SMu Manual DoFollow allows Reflected XSS. This issue affects SMu Manual DoFollow: from n/a through 1.8.1. | |||||
| CVE-2025-48291 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 26.0.6. | |||||
| CVE-2025-54020 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3. | |||||
| CVE-2025-29000 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8. | |||||
| CVE-2025-7673 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. | |||||
| CVE-2025-48167 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5. | |||||
| CVE-2025-48339 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | |||||
| CVE-2025-5845 | 2025-07-16 | N/A | 6.4 MEDIUM | ||
| The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-54037 | 2025-07-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4. | |||||