Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,392
Quick preset (or use dates below)
Clear Filters
Showing 14,441 - 14,460 of 14,826 CVEs
CVE-2025-13820 MEDIUM - 5.3

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.

Published: Jan 01, 2026
Source: NVD
CVE-2025-69413 MEDIUM - 5.3

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

Vendor: gitea
Product: gitea
Published: Jan 01, 2026
Source: NVD
CVE-2025-67711 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67710 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67709 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67708 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67705 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67704 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2025-67703 MEDIUM - 6.1

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Vendor: esri
Product: arcgis_server
Published: Dec 31, 2025
Source: NVD
CVE-2023-7331 MEDIUM - 4.7

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using a r...

Published: Dec 31, 2025
Source: NVD
CVE-2025-66148 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66146 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Logger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through 1.0.9.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66145 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Worker for WPBakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through 1.1.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66144 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10.

Published: Dec 31, 2025
Source: NVD
CVE-2025-28973 MEDIUM - 6.5

Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66153 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Headinger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through 1.1.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66152 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66151 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66150 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66149 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through 3.1.3.

Published: Dec 31, 2025
Source: NVD