Total
306759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8399 | 2025-08-04 | N/A | 6.4 MEDIUM | ||
| The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-41373 | 2025-08-04 | N/A | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php. | |||||
| CVE-2025-6076 | 2025-08-04 | N/A | 8.8 HIGH | ||
| Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability. | |||||
| CVE-2025-41372 | 2025-08-04 | N/A | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php. | |||||
| CVE-2025-54136 | 2025-08-04 | N/A | 7.2 HIGH | ||
| Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3. | |||||
| CVE-2025-48499 | 2025-08-04 | N/A | 5.3 MEDIUM | ||
| Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition. | |||||
| CVE-2025-7646 | 2025-08-04 | N/A | 6.4 MEDIUM | ||
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-8317 | 2025-08-04 | N/A | 6.4 MEDIUM | ||
| The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-23290 | 2025-08-04 | N/A | 2.5 LOW | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-54789 | 2025-08-04 | N/A | N/A | ||
| Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10. | |||||
| CVE-2025-8152 | 2025-08-04 | N/A | 5.3 MEDIUM | ||
| The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard. | |||||
| CVE-2025-41374 | 2025-08-04 | N/A | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php. | |||||
| CVE-2025-6204 | 2025-08-04 | N/A | 8.0 HIGH | ||
| An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | |||||
| CVE-2025-8506 | 2025-08-04 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-7725 | 2025-08-04 | N/A | 7.2 HIGH | ||
| The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-23288 | 2025-08-04 | N/A | 3.3 LOW | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure. | |||||
| CVE-2025-6626 | 2025-08-04 | N/A | 4.4 MEDIUM | ||
| The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2025-7443 | 2025-08-04 | N/A | 8.1 HIGH | ||
| The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-5947 | 2025-08-04 | N/A | 9.8 CRITICAL | ||
| The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins. | |||||
| CVE-2025-23286 | 2025-08-04 | N/A | 4.4 MEDIUM | ||
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure. | |||||