Total: 295462 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-47678 | | | 2025-05-23 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2. | | | | | |
CVE-2025-39485 | | | 2025-05-23 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour \| Travel Agency WordPress allows Object Injection. This issue affects Grand Tour \| Travel Agency WordPress: from n/a through 5.5.1. | | | | | |
CVE-2025-46493 | | | 2025-05-23 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3. | | | | | |
CVE-2025-31916 | | | 2025-05-23 | N/A | 9.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a. | | | | | |
CVE-2025-46446 | | | 2025-05-23 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1. | | | | | |
CVE-2025-47673 | | | 2025-05-23 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16. | | | | | |
CVE-2024-13952 | | | 2025-05-23 | N/A | 8.4 HIGH |
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | | | | | |
CVE-2025-47690 | | | 2025-05-23 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | | | | | |
CVE-2025-39536 | | | 2025-05-23 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6. | | | | | |
CVE-2025-31430 | | | 2025-05-23 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | | | | | |
CVE-2025-5114 | | | 2025-05-23 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | | | | | |
CVE-2018-25110 | | | 2025-05-23 | N/A | N/A |
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service. | | | | | |
CVE-2024-7803 | | | 2025-05-23 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. | | | | | |
CVE-2024-13951 | | | 2025-05-23 | N/A | 7.6 HIGH |
One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | | | | | |
CVE-2025-31636 | | | 2025-05-23 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0. | | | | | |
CVE-2025-36527 | | | 2025-05-23 | N/A | 8.3 HIGH |
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | | | | | |
CVE-2024-13957 | | | 2025-05-23 | N/A | 7.6 HIGH |
SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | | | | | |
CVE-2024-13949 | | | 2025-05-23 | N/A | 6.8 MEDIUM |
Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | | | | | |
CVE-2025-31914 | | | 2025-05-23 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2. | | | | | |
CVE-2025-47680 | | | 2025-05-23 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06. | | | | | |