Total
295452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46537 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1. | |||||
CVE-2025-48369 | 2025-05-23 | N/A | N/A | ||
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading a file with a crafted filename. When administrators or other users view the task containing this malicious file, the payload executes in their browser context. The application fails to sanitize image filenames before rendering them in the comment. By uploading an image with a crafted filename containing XSS payloads, attackers can steal sensitive information. Versions 6.8.119 and 25.0.20 contain a fix for the issue. | |||||
CVE-2025-48701 | 2025-05-23 | N/A | 5.4 MEDIUM | ||
openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. | |||||
CVE-2024-13948 | 2025-05-23 | N/A | 7.3 HIGH | ||
Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-3894 | 2025-05-23 | N/A | N/A | ||
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue. | |||||
CVE-2025-31631 | 2025-05-23 | N/A | 9.8 CRITICAL | ||
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object Injection. This issue affects Fish House: from n/a through 1.2.7. | |||||
CVE-2025-47619 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4. | |||||
CVE-2025-46444 | 2025-05-23 | N/A | 8.1 HIGH | ||
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects Ads Pro Plugin: from n/a through 4.88. | |||||
CVE-2025-32293 | 2025-05-23 | N/A | 8.8 HIGH | ||
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant allows Object Injection. This issue affects Finance Consultant: from n/a through 2.8. | |||||
CVE-2025-47687 | 2025-05-23 | N/A | 10.0 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4. | |||||
CVE-2025-47671 | 2025-05-23 | N/A | 7.6 HIGH | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0. | |||||
CVE-2025-39505 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4. | |||||
CVE-2024-48702 | 2025-05-23 | N/A | N/A | ||
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. | |||||
CVE-2024-13954 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-46486 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7. | |||||
CVE-2024-13946 | 2025-05-23 | N/A | 6.8 MEDIUM | ||
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2025-48286 | 2025-05-23 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209. | |||||
CVE-2025-41377 | 2025-05-23 | N/A | N/A | ||
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware. | |||||
CVE-2025-47642 | 2025-05-23 | N/A | 10.0 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5. | |||||
CVE-2025-47529 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. |