Total
308611 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5125 | 1 Howardehrenberg | 1 Custom Post Carousels With Owl | 2025-07-11 | N/A | 4.8 MEDIUM |
| The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it. | |||||
| CVE-2022-32144 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-07-11 | N/A | 8.6 HIGH |
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | |||||
| CVE-2025-48700 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-07-11 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. | |||||
| CVE-2025-5488 | 1 Kaushik07 | 1 Wp Masonry \& Infinite Scroll | 2025-07-11 | N/A | 6.4 MEDIUM |
| The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48906 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.8 HIGH |
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-5540 | 1 Emarketdesign | 1 Event Rsvp And Simple Event Management | 2025-07-11 | N/A | 6.4 MEDIUM |
| The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48905 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.1 HIGH |
| Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | |||||
| CVE-2025-48904 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.4 MEDIUM |
| Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48903 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.8 HIGH |
| Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6693 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48902 | 1 Huawei | 2 Emui, Harmonyos | 2025-07-11 | N/A | 6.6 MEDIUM |
| Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-22249 | 1 Vmware | 3 Aria Automation, Cloud Foundation, Telco Cloud Platform | 2025-07-11 | N/A | 8.2 HIGH |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | |||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.2 HIGH |
| Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48910 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 5.5 MEDIUM |
| Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48909 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.1 HIGH |
| Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-6676 | 1 Gbyte | 1 Simple Xml Sitemap | 2025-07-11 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. | |||||
| CVE-2025-6677 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-07-11 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5. | |||||
| CVE-2025-48908 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 6.7 MEDIUM |
| Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48907 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 6.2 MEDIUM |
| Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6735 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||