Total
295446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47558 | 2025-05-23 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in RomanCode MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.5.31. | |||||
| CVE-2025-5100 | 2025-05-23 | N/A | N/A | ||
| A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | |||||
| CVE-2025-47663 | 2025-05-23 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | |||||
| CVE-2025-46487 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3. | |||||
| CVE-2025-47640 | 2025-05-23 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. | |||||
| CVE-2025-47535 | 2025-05-23 | N/A | 8.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0. | |||||
| CVE-2025-32302 | 2025-05-23 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex allows PHP Local File Inclusion. This issue affects Winnex: from n/a through 1.3.2. | |||||
| CVE-2025-4338 | 2025-05-23 | N/A | 6.8 MEDIUM | ||
| Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application. | |||||
| CVE-2025-39494 | 2025-05-23 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a. | |||||
| CVE-2025-48287 | 2025-05-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through 1.6.9. | |||||
| CVE-2025-5112 | 2025-05-23 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47438 | 2025-05-23 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.3.1. | |||||
| CVE-2025-32309 | 2025-05-23 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2. | |||||
| CVE-2025-47670 | 2025-05-23 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through 7.6.10. | |||||
| CVE-2025-46490 | 2025-05-23 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles: from n/a through 5.2. | |||||
| CVE-2025-47603 | 2025-05-23 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0. | |||||
| CVE-2024-13945 | 2025-05-23 | N/A | 6.0 MEDIUM | ||
| Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2025-47646 | 2025-05-23 | N/A | 9.8 CRITICAL | ||
| Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through 1.13. | |||||
| CVE-2025-46437 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form allows Reflected XSS. This issue affects Tayori Form: from n/a through 1.2.9. | |||||
| CVE-2024-13958 | 2025-05-23 | N/A | 4.8 MEDIUM | ||
| Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||