Total
299912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10098 | 1 Spiderteams | 1 Applyonline - Application Form Builder And Manager | 2025-06-09 | N/A | 2.7 LOW |
| The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain | |||||
| CVE-2024-10149 | 1 Cm-wp | 1 Social Slider Widget | 2025-06-09 | N/A | 4.8 MEDIUM |
| The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-10362 | 1 Inisev | 1 Social Media Share Buttons \& Social Sharing Icons | 2025-06-09 | N/A | 4.8 MEDIUM |
| The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-10475 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-06-09 | N/A | 4.8 MEDIUM |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-22876 | 1 Strangebee | 1 Thehive | 2025-06-09 | N/A | 5.4 MEDIUM |
| StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. | |||||
| CVE-2023-50082 | 1 Pbootcms | 1 Pbootcms | 2025-06-09 | N/A | 7.5 HIGH |
| Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform. | |||||
| CVE-2024-10631 | 1 Flickdevs | 1 Countdown Timer For Wordpress Block Editor | 2025-06-09 | N/A | 6.5 MEDIUM |
| The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-10632 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | 4.8 MEDIUM |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | 4.3 MEDIUM |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | |||||
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | |||||
| CVE-2025-25044 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-2896 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 4.8 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-11140 | 1 Vk011 | 1 Real Wp Shop Lite Ajax Ecommerce Shopping Cart | 2025-06-09 | N/A | 3.5 LOW |
| The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-33004 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. | |||||
| CVE-2025-33005 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.3 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-46154 | 1 Foxcms | 1 Foxcms | 2025-06-09 | N/A | 8.4 HIGH |
| Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. | |||||
| CVE-2025-43923 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | |||||
| CVE-2025-43924 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS. | |||||
| CVE-2025-44148 | 1 Mailenable | 1 Mailenable | 2025-06-09 | N/A | 9.8 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component | |||||
| CVE-2025-29306 | 1 Foxcms | 1 Foxcms | 2025-06-09 | N/A | 9.8 CRITICAL |
| An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. | |||||