Total
307674 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-9509 | 1 Itsourcecode | 1 Apartment Management System | 2025-08-29 | 7.3 High |
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-48308 | | | 2025-08-29 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9. | ||||
CVE-2025-48315 | | | 2025-08-29 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51. | ||||
CVE-2025-48319 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget allows Stored XSS. This issue affects Mesa Mesa Reservation Widget: from n/a through 1.0.0. | ||||
CVE-2025-48324 | | | 2025-08-29 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster allows Stored XSS. This issue affects tli.tl auto Twitter poster: from n/a through 3.4. | ||||
CVE-2025-30063 | | | 2025-08-29 | N/A |
The configuration file containing database logins and passwords is readable by any local user. | ||||
CVE-2025-48348 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Offline: from n/a through 1.5.7. | ||||
CVE-2025-48357 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit allows Cross Site Request Forgery. This issue affects Century ToolKit: from n/a through 1.2.1. | ||||
CVE-2025-48360 | 2 Razvan Stanga, Wordpress | 2 Varnish Nginx Proxy Caching Plugin, Wordpress | 2025-08-29 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3. | ||||
CVE-2025-9514 | 1 Macrozheng | 1 Mall | 2025-08-29 | 3.7 Low |
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulnerability without an explanation. | ||||
CVE-2025-43729 | 1 Dell | 1 Thinos | 2025-08-29 | 7.8 High |
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | ||||
CVE-2025-5187 | 1 Kubernetes | 1 Kubernetes | 2025-08-29 | 6.7 Medium |
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. | ||||
CVE-2025-9346 | | | 2025-08-29 | 6.4 Medium |
The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 10.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-8603 | | | 2025-08-29 | 6.4 Medium |
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.148 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-55422 | 1 Foxcms | 1 Foxcms | 2025-08-29 | 8.8 High |
In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus. | ||||
CVE-2025-34161 | | | 2025-08-29 | N/A |
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise. | ||||
CVE-2025-58198 | 2 Wordpress, Xpro | 2 Wordpress, Theme Builder | 2025-08-29 | 6.5 Medium |
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9. | ||||
CVE-2025-30057 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. | ||||
CVE-2025-58072 | | | 2025-08-29 | N/A |
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker. | ||||
CVE-2025-58081 | | | 2025-08-29 | N/A |
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges. |