Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,318
Quick preset (or use dates below)
Clear Filters
Showing 14,401 - 14,420 of 14,425 CVEs
CVE-2025-68529 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68523 HIGH - 8.1

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68522 HIGH - 8.8

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68521 HIGH - 8.8

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68517 HIGH - 8.1

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68516 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68505 HIGH - 8.8

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68494 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.

Vendor: leap13
Product: premium_addons_for_elementor
Published: Dec 24, 2025
Source: NVD
CVE-2025-67909 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.

Published: Dec 24, 2025
Source: NVD
CVE-2025-67625 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14.

Published: Dec 24, 2025
Source: NVD
CVE-2025-67622 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.

Published: Dec 24, 2025
Source: NVD
CVE-2025-67621 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.

Published: Dec 24, 2025
Source: NVD
CVE-2023-36525 HIGH - 8.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0.

Published: Dec 24, 2025
Source: NVD
CVE-2025-66445 HIGH - 7.1

Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-...

Published: Dec 24, 2025
Source: NVD
CVE-2025-66444 HIGH - 8.2

Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-...

Published: Dec 24, 2025
Source: NVD
CVE-2025-15053 HIGH - 7.3

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and ma...

Vendor: fabian
Product: student_information_system
Published: Dec 24, 2025
Source: NVD
CVE-2025-15050 HIGH - 8.8

A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly a...

Vendor: fabian
Product: student_file_management_system
Published: Dec 24, 2025
Source: NVD
CVE-2025-10997 HIGH - 7.8

A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.

Vendor: pip
Product: openbabel
Published: Sep 26, 2025
Source: NVD
CVE-2025-10996 HIGH - 7.8

A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may b...

Vendor: pip
Product: openbabel
Published: Sep 26, 2025
Source: NVD
CVE-2025-8267 HIGH - 7.5

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to cra...

Vendor: npm
Product: ssrfcheck
Published: Jul 28, 2025
Source: NVD