Total
325099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15355 | 2025-12-30 | 6.1 Medium | ||
| ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2025-15102 | 2025-12-30 | 9.1 Critical | ||
| DVP-12SE11T - Password Protection Bypass | ||||
| CVE-2025-65239 | 2 Opencode, Opencode Systems | 2 Ussd Gateway, Ussd Gateway | 2025-12-30 | 4.3 Medium |
| Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. | ||||
| CVE-2025-15103 | 2025-12-30 | 8.1 High | ||
| DVP-12SE11T - Authentication Bypass via Partial Password Disclosure | ||||
| CVE-2025-15358 | 2025-12-30 | 7.5 High | ||
| DVP-12SE11T - Denial of Service Vulnerability | ||||
| CVE-2025-15359 | 2025-12-30 | 9.1 Critical | ||
| DVP-12SE11T - Out-of-bound memory write Vulnerability | ||||
| CVE-2025-23469 | 2025-12-30 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0. | ||||
| CVE-2025-23458 | 2025-12-30 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0. | ||||
| CVE-2025-68992 | 2025-12-30 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through <= 1.6.3. | ||||
| CVE-2025-68036 | 2025-12-30 | 7.5 High | ||
| Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27. | ||||
| CVE-2025-68040 | 2025-12-30 | 6.5 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1. | ||||
| CVE-2023-41656 | 2025-12-30 | 5.4 Medium | ||
| Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7. | ||||
| CVE-2025-68993 | 2025-12-30 | N/A | ||
| Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2. | ||||
| CVE-2023-32238 | 2025-12-30 | 5.4 Medium | ||
| Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | ||||
| CVE-2025-68504 | 2025-12-30 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16. | ||||
| CVE-2025-68562 | 2025-12-30 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | ||||
| CVE-2025-68607 | 2025-12-30 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5. | ||||
| CVE-2025-68860 | 2025-12-30 | 9.8 Critical | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2. | ||||
| CVE-2025-69205 | 2025-12-30 | 6.3 Medium | ||
| Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )` application due to improper input validation. This allows an attacker to redirect calls on both of the federating instances. If the attack succeeds, the impact is very high. However, the requires that an admin accept the federation requests. As of time of publication, a known patched version of µURU is not available. | ||||
| CVE-2024-6060 | 1 Phloc | 1 Webscopes | 2025-12-30 | N/A |
| An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. | ||||