Total
307408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0144 | 1 Zoom | 7 Meeting Software Development Kit, Rooms, Rooms Controller and 4 more | 2025-08-20 | N/A | 3.1 LOW |
| Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access. | |||||
| CVE-2024-7122 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | N/A | 6.4 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2092 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | N/A | 5.4 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4401 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | N/A | 6.4 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6226 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | N/A | 6.1 MEDIUM |
| The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-5765 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | N/A | 9.8 CRITICAL |
| The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2024-9282 | 1 1234n | 1 Minicms | 2025-08-20 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9281 | 1 1234n | 1 Minicms | 2025-08-20 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-27223 | 5 Apache, Debian, Eclipse and 2 more | 16 Nifi, Solr, Spark and 13 more | 2025-08-20 | 4.3 MEDIUM | 5.2 MEDIUM |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | |||||
| CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component. | |||||
| CVE-2025-32947 | 2025-08-20 | N/A | 7.5 HIGH | ||
| This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. | |||||
| CVE-2024-23942 | 2025-08-20 | N/A | 7.1 HIGH | ||
| A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. | |||||
| CVE-2025-57748 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57747 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57746 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57745 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57744 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57743 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57742 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-28446 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-08-20 | N/A | 5.7 MEDIUM |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi. | |||||