CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-65933 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65934 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65935 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65936 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65937 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65938 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65939 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65940 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-65941 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-6251 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12349 The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin no... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14024 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2025-12174 The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepa... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12359 The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12646 The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied par... | 7.5 | HIGH | — | 0 |
| CVE-2025-12710 The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-12751 The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset_settings' AJAX endpoint in all versions up to, ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12814 The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, a... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-40222 In the Linux kernel, the following vulnerability has been resolved: tty: serial: sh-sci: fix RSCI FIFO overrun handling The receive error handling code is shared between RSCI and all other SCIF port... | N/A | NONE | — | 0 |
| CVE-2025-12822 The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions up... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12842 The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslo... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12878 The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wfop_phone` shortcode in all versions up to, and including, 3.13.1.2.... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13054 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode i... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13145 The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untru... | 7.2 | HIGH | — | 0 |
| CVE-2025-12472 An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. ... | N/A | NONE | — | 0 |
| CVE-2025-12535 The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API no... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13085 The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-12484 The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social medi... | 7.2 | HIGH | — | 0 |
| CVE-2025-13035 The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode at... | 8.0 | HIGH | — | 0 |
| CVE-2025-0351 Rejected reason: Voluntarily withdrawn | N/A | NONE | — | 0 |
| CVE-2025-58412 A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all vers... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-40238 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5e_detach_netdev() we eventually disable blocking events notifier, among... | N/A | NONE | — | 0 |
| CVE-2025-13395 A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results ... | 7.3 | HIGH | — | 0 |
| CVE-2025-10437 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12592 Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. | N/A | NONE | — | 0 |
| CVE-2024-8527 Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions. | N/A | NONE | — | 0 |
| CVE-2024-8528 Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized. | N/A | NONE | — | 0 |
| CVE-2025-0421 Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025. | 4.7 | MEDIUM | — | 0 |
| CVE-2025-11963 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS.This issue affects S... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-10702 Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Rem... | N/A | NONE | — | 0 |
| CVE-2025-10703 Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Rem... | N/A | NONE | — | 0 |
| CVE-2025-13396 A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql inj... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-65022 i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An at... | 7.2 | HIGH | — | 0 |
| CVE-2025-65023 i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.... | 7.2 | HIGH | — | 0 |
| CVE-2025-65024 i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php scr... | 7.2 | HIGH | — | 0 |
| CVE-2025-12743 The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database.... | N/A | NONE | — | 0 |
| CVE-2025-64757 Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimi... | 3.5 | LOW | — | 0 |
| CVE-2025-34336 eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image up... | N/A | NONE | — | 0 |
| CVE-2025-34337 eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL para... | N/A | NONE | — | 0 |
| CVE-2025-64521 authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and client_secret to an OAuth provider, authentik creates a service account ... | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.