Total
304046 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48161 | 2025-07-16 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3. | |||||
| CVE-2025-54006 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.1. | |||||
| CVE-2025-6747 | 2025-07-16 | N/A | 6.4 MEDIUM | ||
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusion_map' shortcode in all versions up to, and including, 3.12.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-49876 | 2025-07-16 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2. | |||||
| CVE-2025-53755 | 2025-07-16 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted data stored in the firmware of targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device. | |||||
| CVE-2025-52779 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0. | |||||
| CVE-2025-40985 | 2025-07-16 | N/A | N/A | ||
| SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’. | |||||
| CVE-2025-47652 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.13.4. | |||||
| CVE-2025-30959 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2. | |||||
| CVE-2025-48155 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9. | |||||
| CVE-2025-32574 | 2025-07-16 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | |||||
| CVE-2025-53997 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4. | |||||
| CVE-2025-31055 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress allows Reflected XSS. This issue affects Electrician - Electrical Service WordPress: from n/a through 1.0. | |||||
| CVE-2025-6981 | 2025-07-16 | N/A | N/A | ||
| An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3 | |||||
| CVE-2025-53982 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.7. | |||||
| CVE-2025-54010 | 2025-07-16 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50. | |||||
| CVE-2025-6043 | 2025-07-16 | N/A | 8.1 HIGH | ||
| The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site. | |||||
| CVE-2025-53991 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks allows Stored XSS. This issue affects JetTricks: from n/a through 1.5.4.1. | |||||
| CVE-2025-5843 | 2025-07-16 | N/A | 6.4 MEDIUM | ||
| The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-54015 | 2025-07-16 | N/A | 6.6 MEDIUM | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through 2.0.0. | |||||