Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,388
Quick preset (or use dates below)
Clear Filters
Showing 14,461 - 14,480 of 14,826 CVEs
CVE-2021-47743 MEDIUM - 6.1

COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary sc...

Published: Dec 31, 2025
Source: NVD
CVE-2021-47725 MEDIUM - 5.4

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context ...

Published: Dec 31, 2025
Source: NVD
CVE-2025-62989 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS.This issue affects Cooked: from n/a through 1.11.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-59135 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49355 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS.This issue affects Accessibility Press: from n/a through 1.0.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49337 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66160 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through 1.2.10.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66159 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Walker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through 1.1.6.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66158 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Gmaper for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through 1.0.9.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66157 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider for Elementor: from n/a through 1.0.10.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66156 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66155 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-66154 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Couponer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through 1.1.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63038 MEDIUM - 4.3

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63021 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62874 MEDIUM - 4.3

Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62123 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62115 MEDIUM - 4.3

Missing Authorization vulnerability in ThemeBoy Hide Plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide Plugins: from n/a through 1.0.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62113 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.Fr allows Cross Site Request Forgery.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.77.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62101 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through 3.0.0.

Published: Dec 31, 2025
Source: NVD