Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,318
Quick preset (or use dates below)
Clear Filters
Showing 14,661 - 14,680 of 14,834 CVEs
CVE-2025-15213 MEDIUM - 4.3

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be ca...

Vendor: fabian
Product: student_file_management_system
Published: Dec 30, 2025
Source: NVD
CVE-2025-68499 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68498 MEDIUM - 6.5

Missing Authorization vulnerability in Crocoblock JetTabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through 2.2.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68120 MEDIUM - 5.4

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Vendor: go
Product: go
Published: Dec 30, 2025
Source: NVD
CVE-2025-68040 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.

Published: Dec 30, 2025
Source: NVD
CVE-2023-41656 MEDIUM - 5.4

Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.

Published: Dec 30, 2025
Source: NVD
CVE-2023-32238 MEDIUM - 5.4

Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68607 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68504 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68503 MEDIUM - 6.5

Missing Authorization vulnerability in Crocoblock JetBlog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through 2.4.7.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68502 MEDIUM - 4.3

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.

Published: Dec 29, 2025
Source: NVD
CVE-2025-69205 MEDIUM - 6.3

Micro Registration Utility (ยตURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15204 MEDIUM - 4.8

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The explo...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-69202 MEDIUM - 6.5

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoring ...

Vendor: axios-cache-interceptor
Product: axios_cache_interceptor
Published: Dec 29, 2025
Source: NVD
CVE-2025-15203 MEDIUM - 4.8

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been m...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15202 MEDIUM - 4.8

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-68431 MEDIUM - 6.5

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or ...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15201 MEDIUM - 5.4

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The explo...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15200 MEDIUM - 4.8

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scr...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-14728 MEDIUM - 6.8

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficien...

Published: Dec 29, 2025
Source: NVD