Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
Showing 14,881 - 14,900 of 15,052 CVEs
CVE-2025-68498 MEDIUM - 6.5

Missing Authorization vulnerability in Crocoblock JetTabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through 2.2.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68120 MEDIUM - 5.4

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Vendor: go
Product: go
Published: Dec 30, 2025
Source: NVD
CVE-2025-68040 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.

Published: Dec 30, 2025
Source: NVD
CVE-2023-41656 MEDIUM - 5.4

Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.

Published: Dec 30, 2025
Source: NVD
CVE-2023-32238 MEDIUM - 5.4

Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68607 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68504 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68503 MEDIUM - 6.5

Missing Authorization vulnerability in Crocoblock JetBlog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through 2.4.7.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68502 MEDIUM - 4.3

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.

Published: Dec 29, 2025
Source: NVD
CVE-2025-69205 MEDIUM - 6.3

Micro Registration Utility (ยตURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15204 MEDIUM - 4.8

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The explo...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-69202 MEDIUM - 6.5

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoring ...

Vendor: axios-cache-interceptor
Product: axios_cache_interceptor
Published: Dec 29, 2025
Source: NVD
CVE-2025-15203 MEDIUM - 4.8

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been m...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15202 MEDIUM - 4.8

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-68431 MEDIUM - 6.5

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or ...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15201 MEDIUM - 5.4

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The explo...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15200 MEDIUM - 4.8

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scr...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-14728 MEDIUM - 6.8

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficien...

Published: Dec 29, 2025
Source: NVD
CVE-2025-14280 MEDIUM - 5.3

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, w...

Published: Dec 29, 2025
Source: NVD
CVE-2025-55064 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD