CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-36912 Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can cra... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36913 All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP G... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-29004 Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege ... | 8.8 | HIGH | β | 0 |
| CVE-2025-30631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builde... | 7.1 | HIGH | β | 0 |
| CVE-2025-30996 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-21492 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-14596 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | 6.7 | MEDIUM | β | 0 |
| CVE-2025-14599 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. Th... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-13801 The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read ... | 7.5 | HIGH | β | 0 |
| CVE-2025-13841 The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and i... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13847 The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13848 The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and including, 0.9 due to insufficient input sanitization a... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13849 The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and ou... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13887 The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the `ai_botkit_widget` shortcode in all versions up ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13974 The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input ... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-14070 The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6... | 7.5 | HIGH | β | 0 |
| CVE-2025-14077 The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage funct... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14109 The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column' shortcode attribute in all versions up to, and including, 1.0.2 due to insufficient input sanitizat... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14110 The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14112 The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14113 The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-22522 Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through 2.2.3. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-14792 The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient in... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-14796 The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14802 The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. T... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-14804 The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary fil... | 7.7 | HIGH | β | 0 |
| CVE-2025-14835 The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sa... | 7.1 | HIGH | β | 0 |
| CVE-2025-14888 The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0 due to insufficient input saniti... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-15058 The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-15158 The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0.... | 8.8 | HIGH | β | 0 |
| CVE-2025-15472 A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL causes os comm... | 7.2 | HIGH | β | 0 |
| CVE-2025-15474 AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service ... | N/A | NONE | β | 0 |
| CVE-2025-31643 Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0. | 8.8 | HIGH | β | 0 |
| CVE-2025-31962 Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints d... | 2.0 | LOW | β | 0 |
| CVE-2025-32300 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS. This issue affects DZS Video Gallery: f... | 7.1 | HIGH | β | 0 |
| CVE-2025-47343 Memory corruption while processing a video session to set video parameters. | 7.8 | HIGH | β | 0 |
| CVE-2026-21496 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21497 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21498 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21499 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21500 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack ove... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22188 Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 usi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22189 Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22190 Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for spri... | 7.5 | HIGH | β | 0 |
| CVE-2025-69222 LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the defaul... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe... | 7.5 | HIGH | β | 0 |
| CVE-2026-22043 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiab... | 7.5 | HIGH | β | 0 |
| CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated a... | 8.8 | HIGH | β | 0 |
| CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitra... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.