Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,395
Quick preset (or use dates below)
Clear Filters
Showing 14,101 - 14,120 of 14,400 CVEs
CVE-2025-47566 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91.

Published: Dec 31, 2025
Source: NVD
CVE-2025-31054 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8.

Published: Dec 31, 2025
Source: NVD
CVE-2025-30628 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Vis...

Published: Dec 31, 2025
Source: NVD
CVE-2025-28949 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-23757 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-23719 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-23707 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse allows Reflected XSS.This issue affects En Masse: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-23705 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through 2.5.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-23667 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill allows Reflected XSS.This issue affects custom-post-edit: from n/a through 1.0.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15394 HIGH - 7.2

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may ...

Vendor: idreamsoft
Product: icms
Published: Dec 31, 2025
Source: NVD
CVE-2025-15393 HIGH - 8.8

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be initia...

Vendor: kodicms-kohana
Product: kodicms
Published: Dec 31, 2025
Source: NVD
CVE-2021-47747 HIGH - 8.8

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.

Published: Dec 31, 2025
Source: NVD
CVE-2021-47745 HIGH - 8.8

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary ...

Published: Dec 31, 2025
Source: NVD
CVE-2021-47744 HIGH - 7.5

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.

Published: Dec 31, 2025
Source: NVD
CVE-2021-47742 HIGH - 8.8

Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable f...

Published: Dec 31, 2025
Source: NVD
CVE-2021-47741 HIGH - 7.5

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose t...

Published: Dec 31, 2025
Source: NVD
CVE-2021-47740 HIGH - 7.5

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.

Published: Dec 31, 2025
Source: NVD
CVE-2021-47726 HIGH - 7.5

NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to re...

Published: Dec 31, 2025
Source: NVD
CVE-2020-36904 HIGH - 7.5

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, inc...

Published: Dec 31, 2025
Source: NVD
CVE-2020-36903 HIGH - 8.4

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root...

Published: Dec 31, 2025
Source: NVD