CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-24754 Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0. | N/A | NONE | — | 0 |
| CVE-2025-23529 Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Minterpress: from n/a through <= 1.0.5. | N/A | NONE | — | 0 |
| CVE-2025-23531 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue aff... | N/A | NONE | — | 0 |
| CVE-2025-23574 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0... | N/A | NONE | — | 0 |
| CVE-2025-23656 Missing Authorization vulnerability in Saul Morales Pacheco Donate visa donate-visa allows Stored XSS.This issue affects Donate visa: from n/a through <= 1.0.0. | N/A | NONE | — | 0 |
| CVE-2025-23669 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin WP Smart Tooltip wp-smart-tool-tip allows Stored XSS.This issue affects WP Smart Toolti... | N/A | NONE | — | 0 |
| CVE-2025-23752 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrang... | N/A | NONE | — | 0 |
| CVE-2025-23754 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a thro... | N/A | NONE | — | 0 |
| CVE-2025-23756 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanchernyakov LawPress – Law Firm Website Management lawpress allows Reflected XSS.This issue aff... | N/A | NONE | — | 0 |
| CVE-2025-23849 Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18. | N/A | NONE | — | 0 |
| CVE-2025-23982 Missing Authorization vulnerability in Gopi krishnan Fare Calculator fare-calculator allows Stored XSS.This issue affects Fare Calculator: from n/a through <= 1.1. | N/A | NONE | — | 0 |
| CVE-2025-24537 Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0... | N/A | NONE | — | 0 |
| CVE-2025-24538 Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from ... | N/A | NONE | — | 0 |
| CVE-2025-68021 Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a throug... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68852 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reserv... | 7.1 | HIGH | — | 0 |
| CVE-2025-69394 Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a throu... | 7.5 | HIGH | — | 0 |
| CVE-2025-69403 Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.3.0. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-69404 Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.10. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69405 Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22357 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper F... | 7.1 | HIGH | — | 0 |
| CVE-2026-22416 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | — | 0 |
| CVE-2026-22451 Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through <= 1.4.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22459 Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22460 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.5.6. | 8.6 | HIGH | — | 0 |
| CVE-2026-22479 Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submissi... | 7.5 | HIGH | — | 0 |
| CVE-2026-5195 A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql in... | 7.3 | HIGH | — | 0 |
| CVE-2024-52460 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atarapay AtaraPay WooCommerce Payment Gateway atarapay-woocommerce allows Reflected XSS.This issue... | N/A | NONE | — | 0 |
| CVE-2024-52461 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta Infinite Slider infinite-slider allows Reflected XSS.This issue affects Infinite Slider: fr... | N/A | NONE | — | 0 |
| CVE-2024-52462 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Reflected XSS.This issue... | N/A | NONE | — | 0 |
| CVE-2024-52463 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Westwood Post By Email post-by-email allows Reflected XSS.This issue affects Post By Email: ... | N/A | NONE | — | 0 |
| CVE-2024-52464 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes amr-shortcodes allows Reflected XSS.This issue affects amr shortcodes: from ... | N/A | NONE | — | 0 |
| CVE-2024-52465 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. LGPD Framework lgpd-framework allows Reflected XSS.This issue affect... | N/A | NONE | — | 0 |
| CVE-2024-52466 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events explara-events allows Reflected XSS.This issue affects Explara Events: from... | N/A | NONE | — | 0 |
| CVE-2024-52467 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Reflected XSS.This ... | N/A | NONE | — | 0 |
| CVE-2024-52468 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through ... | N/A | NONE | — | 0 |
| CVE-2024-52469 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhrubok Infotech Services Ltd. WooCommerce Price Alert price-alert-woocommerce allows Reflected XS... | N/A | NONE | — | 0 |
| CVE-2024-52476 Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/... | N/A | NONE | — | 0 |
| CVE-2024-52477 Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through <= 1... | N/A | NONE | — | 0 |
| CVE-2025-23833 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows DOM-Based XSS.This issue affects Links/P... | N/A | NONE | — | 0 |
| CVE-2025-70028 An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | 7.5 | HIGH | — | 0 |
| CVE-2026-4366 A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-23659 Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. | 8.6 | HIGH | — | 0 |
| CVE-2026-33368 Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic Webmail REST interface (/h/rest). The application fails to properly sanitize... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33370 An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specif... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33371 An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-21671 A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-20996 Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20998 Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20999 Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | 7.5 | HIGH | — | 0 |
| CVE-2019-25580 ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET ... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.