Total
304774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2797 | 1 Xtendify | 1 Woffice | 2025-08-08 | N/A | 5.4 MEDIUM |
| The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve registration for any user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-2798 | 1 Xtendify | 1 Woffice | 2025-08-08 | N/A | 9.8 CRITICAL |
| The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link. | |||||
| CVE-2025-2807 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2025-08-08 | N/A | 8.8 HIGH |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-2808 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2025-08-08 | N/A | 5.4 MEDIUM |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-3437 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2025-08-08 | N/A | 4.3 MEDIUM |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions. | |||||
| CVE-2025-0161 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | N/A | 7.8 HIGH |
| IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. | |||||
| CVE-2025-26525 | 1 Moodle | 1 Moodle | 2025-08-08 | N/A | 8.6 HIGH |
| Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). | |||||
| CVE-2025-26526 | 1 Moodle | 1 Moodle | 2025-08-08 | N/A | 6.5 MEDIUM |
| Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities. | |||||
| CVE-2025-26527 | 1 Moodle | 1 Moodle | 2025-08-08 | N/A | 5.3 MEDIUM |
| Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. | |||||
| CVE-2025-26528 | 1 Moodle | 1 Moodle | 2025-08-08 | N/A | 3.4 LOW |
| The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2025-26529 | 1 Moodle | 1 Moodle | 2025-08-08 | N/A | 8.3 HIGH |
| Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2025-0719 | 1 Ibm | 1 Cloud Pak For Data | 2025-08-08 | N/A | 6.1 MEDIUM |
| IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-41778 | 1 Ibm | 1 Controller | 2025-08-08 | N/A | 5.3 MEDIUM |
| IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2025-2252 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-08-08 | N/A | 5.3 MEDIUM |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | |||||
| CVE-2025-2685 | 1 Tablepress | 1 Tablepress | 2025-08-08 | N/A | 6.4 MEDIUM |
| The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-6444 | 1 Servicestack | 1 Servicestack | 2025-08-08 | N/A | 5.9 MEDIUM |
| ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834. | |||||
| CVE-2025-6445 | 1 Servicestack | 1 Servicestack | 2025-08-08 | N/A | 8.1 HIGH |
| ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837. | |||||
| CVE-2025-50692 | 2025-08-08 | N/A | 9.8 CRITICAL | ||
| FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. | |||||
| CVE-2025-23266 | 2025-08-08 | N/A | 9.0 CRITICAL | ||
| NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. | |||||
| CVE-2024-30361 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-08 | N/A | 7.8 HIGH |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22877. | |||||