Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,377
Quick preset (or use dates below)
Clear Filters
Showing 14,601 - 14,620 of 14,834 CVEs
CVE-2025-66094 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-65925 MEDIUM - 6.5

An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification c...

Vendor: zeroheight
Product: zeroheight
Published: Dec 30, 2025
Source: NVD
CVE-2025-62128 MEDIUM - 4.3

Missing Authorization vulnerability in SiteLock SiteLock Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through 5.0.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-62112 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through 2.2.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-66080 MEDIUM - 5.3

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 4.0.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-64190 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6.

Published: Dec 30, 2025
Source: NVD
CVE-2025-63027 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webcreations907 WBC907 Core allows Stored XSS.This issue affects WBC907 Core: from n/a through 3.4.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-62746 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP: from n/a through 1.0.18.

Published: Dec 30, 2025
Source: NVD
CVE-2025-15251 MEDIUM - 5.6

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity r...

Published: Dec 30, 2025
Source: NVD
CVE-2025-15250 MEDIUM - 4.7

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been di...

Published: Dec 30, 2025
Source: NVD
CVE-2025-14426 MEDIUM - 4.3

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and...

Published: Dec 30, 2025
Source: NVD
CVE-2025-15246 MEDIUM - 6.3

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has be...

Published: Dec 30, 2025
Source: NVD
CVE-2025-69093 MEDIUM - 5.3

Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69092 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69091 MEDIUM - 4.3

Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69089 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69088 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69033 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69032 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69031 MEDIUM - 5.3

Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.

Published: Dec 30, 2025
Source: NVD