CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-21491 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21494 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-5069 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-7048 On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-29004 Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege ... | 8.8 | HIGH | β | 0 |
| CVE-2025-30631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builde... | 7.1 | HIGH | β | 0 |
| CVE-2025-30996 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-21492 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-14596 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | 6.7 | MEDIUM | β | 0 |
| CVE-2025-14599 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime LiteΒ Installer (SFX) on Windows allows Search Order Hijacking.Th... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-14605 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-14612 Insecure Temporary File vulnerability in Altera Quartus Prime ProΒ Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. | 6.7 | MEDIUM | β | 0 |
| CVE-2025-31051 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-31642 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0. | 7.1 | HIGH | β | 0 |
| CVE-2025-0980 Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing va... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-11877 The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes f... | 7.5 | HIGH | β | 0 |
| CVE-2025-12030 The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12449 The aBlocks β WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-12540 The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics clien... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-12648 The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directorie... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12958 The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up ... | 2.7 | LOW | β | 0 |
| CVE-2025-13369 The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' pa... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-13371 The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card... | 8.6 | HIGH | β | 0 |
| CVE-2025-13418 The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input san... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13419 The Guest posting / Frontend Posting / Front Editor β WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bf... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13493 The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in ... | 7.5 | HIGH | β | 0 |
| CVE-2025-13496 The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosend_landings_auth_get function in all versions up to, and... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13497 The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'recrasname' shortcode attribute in all versions up to, and including, 6.4.1. This is due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13519 The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX a... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-13520 The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settin... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13521 The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13527 The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13529 The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it poss... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13531 The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'product_name' parameter in all versions up to, and including, 1.0 due to insufficient input sa... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13657 The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the hand... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13667 The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitiza... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13694 The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDE... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13722 The Fluent Forms β Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13801 The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read ... | 7.5 | HIGH | β | 0 |
| CVE-2025-13841 The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and i... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13847 The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13848 The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and including, 0.9 due to insufficient input sanitization a... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13849 The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and ou... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13887 The AI BotKit β AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the `ai_botkit_widget` shortcode in all versions up ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13974 The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input ... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-13990 The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrat... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14028 The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and out... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-14053 The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14057 The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and o... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.