Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,395
Quick preset (or use dates below)
Clear Filters
Showing 14,141 - 14,160 of 14,400 CVEs
CVE-2025-15271 HIGH - 8.8

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a m...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15270 HIGH - 8.8

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a m...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-15269 HIGH - 8.8

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope...

Vendor: fontforge
Product: fontforge
Published: Dec 31, 2025
Source: NVD
CVE-2025-68885 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49354 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through 1.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49353 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS.This issue affects Noindex by Path: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49345 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49344 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49343 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49342 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-13029 HIGH - 7.5

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

Published: Dec 31, 2025
Source: NVD
CVE-2025-59137 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49346 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through 5.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-15375 HIGH - 8.8

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exp...

Vendor: eyoucms
Product: eyoucms
Published: Dec 31, 2025
Source: NVD
CVE-2025-68131 HIGH - 7.5

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory a...

Vendor: agronholm
Product: cbor2
Published: Dec 31, 2025
Source: NVD
CVE-2025-15371 HIGH - 7.8

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The ...

Published: Dec 31, 2025
Source: NVD
CVE-2025-62753 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-59131 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-CalDav2ICS allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through 1.3.4.

Published: Dec 30, 2025
Source: NVD
CVE-2024-58315 HIGH - 7.8

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized c...

Vendor: tosi
Product: tosibox_key
Published: Dec 30, 2025
Source: NVD
CVE-2023-54163 HIGH - 7.5

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking applica...

Vendor: nlb
Product: mklik_makedonija
Published: Dec 30, 2025
Source: NVD