Total
305841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8949 | 2025-08-14 | 8.3 HIGH | 7.2 HIGH | ||
| A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-27388 | 2025-08-14 | N/A | N/A | ||
| Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | |||||
| CVE-2025-8958 | 2025-08-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52721 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3. | |||||
| CVE-2025-54706 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52. | |||||
| CVE-2025-54694 | 2025-08-14 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0. | |||||
| CVE-2025-54679 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. | |||||
| CVE-2025-3703 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a. | |||||
| CVE-2025-48860 | 2025-08-14 | N/A | 8.0 HIGH | ||
| A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data. | |||||
| CVE-2025-49064 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10. | |||||
| CVE-2025-54676 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. | |||||
| CVE-2025-49044 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1. | |||||
| CVE-2025-54696 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26. | |||||
| CVE-2025-49063 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6. | |||||
| CVE-2025-5942 | 2025-08-14 | N/A | N/A | ||
| Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine. | |||||
| CVE-2025-55199 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero. | |||||
| CVE-2025-54698 | 2025-08-14 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0. | |||||
| CVE-2025-54681 | 2025-08-14 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | |||||
| CVE-2025-54692 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0. | |||||
| CVE-2025-54688 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2. | |||||