Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,355
Quick preset (or use dates below)
Clear Filters
Showing 14,641 - 14,660 of 14,834 CVEs
CVE-2025-69008 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Inboxify Inboxify Sign Up Form inboxify-sign-up-form allows Stored XSS.This issue affects Inboxify Sign Up Form: from n/a through <= 1.0.4.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69007 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through <= 1.27.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69006 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atte Moisio AM Events am-events allows Stored XSS.This issue affects AM Events: from n/a through <= 1.13.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68998 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68997 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.40.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68995 MEDIUM - 4.3

Missing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68994 MEDIUM - 5.3

Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68993 MEDIUM - 5.3

Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68992 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through <= 1.6.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68991 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68978 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68977 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-15355 MEDIUM - 6.1

ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Published: Dec 30, 2025
Source: NVD
CVE-2025-15222 MEDIUM - 5.0

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high co...

Published: Dec 30, 2025
Source: NVD
CVE-2025-14313 MEDIUM - 6.1

The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Published: Dec 30, 2025
Source: NVD
CVE-2025-14312 MEDIUM - 6.1

The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Published: Dec 30, 2025
Source: NVD
CVE-2025-15221 MEDIUM - 5.4

A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has b...

Vendor: sohu
Product: cachecloud
Published: Dec 30, 2025
Source: NVD
CVE-2025-15220 MEDIUM - 6.1

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used...

Vendor: sohu
Product: cachecloud
Published: Dec 30, 2025
Source: NVD
CVE-2025-15219 MEDIUM - 5.4

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiate...

Vendor: sohu
Product: cachecloud
Published: Dec 30, 2025
Source: NVD
CVE-2025-15214 MEDIUM - 4.8

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and c...

Vendor: campcodes
Product: park_ticketing_system
Published: Dec 30, 2025
Source: NVD