Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,318
Quick preset (or use dates below)
Clear Filters
Showing 14,681 - 14,700 of 14,834 CVEs
CVE-2025-14280 MEDIUM - 5.3

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, w...

Published: Dec 29, 2025
Source: NVD
CVE-2025-55064 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD
CVE-2025-55063 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD
CVE-2025-55062 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD
CVE-2025-55060 MEDIUM - 6.1

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Published: Dec 29, 2025
Source: NVD
CVE-2025-68868 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through 1.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-53627 MEDIUM - 5.3

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an ...

Published: Dec 29, 2025
Source: NVD
CVE-2025-69206 MEDIUM - 4.3

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private I...

Vendor: hemmelig
Product: hemmelig
Published: Dec 29, 2025
Source: NVD
CVE-2025-68951 MEDIUM - 6.1

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an administrat...

Vendor: phpmyfaq
Product: phpmyfaq
Published: Dec 29, 2025
Source: NVD
CVE-2025-68893 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68928 MEDIUM - 5.4

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.

Vendor: frappe
Product: frappe_crm
Published: Dec 29, 2025
Source: NVD
CVE-2025-65442 MEDIUM - 6.1

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.lo...

Vendor: xxyopen
Product: novel
Published: Dec 29, 2025
Source: NVD
CVE-2025-60458 MEDIUM - 6.5

UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.

Vendor: antimof
Product: uxplay
Published: Dec 29, 2025
Source: NVD
CVE-2025-57462 MEDIUM - 6.1

Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.

Vendor: machsol
Product: machpanel
Published: Dec 29, 2025
Source: NVD
CVE-2025-15188 MEDIUM - 4.8

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. Th...

Vendor: campcodes
Product: online_beauty_parlor_management_system
Published: Dec 29, 2025
Source: NVD
CVE-2025-15187 MEDIUM - 6.5

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made publ...

Vendor: njtech
Product: greencms
Published: Dec 29, 2025
Source: NVD
CVE-2025-15175 MEDIUM - 5.4

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attac...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15174 MEDIUM - 5.4

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed fr...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15070 MEDIUM - 6.5

Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: from 3.0 before 3.0.1

Vendor: gmission
Product: web_fax
Published: Dec 29, 2025
Source: NVD
CVE-2025-13958 MEDIUM - 5.9

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting att...

Published: Dec 29, 2025
Source: NVD