Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
Showing 14,901 - 14,920 of 15,052 CVEs
CVE-2025-55063 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD
CVE-2025-55062 MEDIUM - 4.8

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Published: Dec 29, 2025
Source: NVD
CVE-2025-55060 MEDIUM - 6.1

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Published: Dec 29, 2025
Source: NVD
CVE-2025-68868 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through 1.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-53627 MEDIUM - 5.3

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an ...

Published: Dec 29, 2025
Source: NVD
CVE-2025-69206 MEDIUM - 4.3

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private I...

Vendor: hemmelig
Product: hemmelig
Published: Dec 29, 2025
Source: NVD
CVE-2025-68951 MEDIUM - 6.1

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an administrat...

Vendor: phpmyfaq
Product: phpmyfaq
Published: Dec 29, 2025
Source: NVD
CVE-2025-68893 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68928 MEDIUM - 5.4

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.

Vendor: frappe
Product: frappe_crm
Published: Dec 29, 2025
Source: NVD
CVE-2025-65442 MEDIUM - 6.1

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.lo...

Vendor: xxyopen
Product: novel
Published: Dec 29, 2025
Source: NVD
CVE-2025-60458 MEDIUM - 6.5

UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.

Vendor: antimof
Product: uxplay
Published: Dec 29, 2025
Source: NVD
CVE-2025-57462 MEDIUM - 6.1

Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.

Vendor: machsol
Product: machpanel
Published: Dec 29, 2025
Source: NVD
CVE-2025-15188 MEDIUM - 4.8

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. Th...

Vendor: campcodes
Product: online_beauty_parlor_management_system
Published: Dec 29, 2025
Source: NVD
CVE-2025-15187 MEDIUM - 6.5

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made publ...

Vendor: njtech
Product: greencms
Published: Dec 29, 2025
Source: NVD
CVE-2025-15175 MEDIUM - 5.4

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attac...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15174 MEDIUM - 5.4

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed fr...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15070 MEDIUM - 6.5

Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: from 3.0 before 3.0.1

Vendor: gmission
Product: web_fax
Published: Dec 29, 2025
Source: NVD
CVE-2025-13958 MEDIUM - 5.9

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting att...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15173 MEDIUM - 5.4

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15172 MEDIUM - 5.4

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has b...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD