CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | CISA KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-1773 | The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output e... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-13126 | The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. | 4.6 | MEDIUM | — | 0 |
| CVE-2024-13602 | The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1619 | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1620 | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1621 | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1622 | The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 3.5 | LOW | — | 0 |
| CVE-2025-1623 | The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 3.5 | LOW | — | 0 |
| CVE-2025-1624 | The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin... | 3.5 | LOW | — | 0 |
| CVE-2025-2361 | A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the arg... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-2369 | A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulati... | 8.8 | HIGH | — | 0 |
| CVE-2025-2370 | A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/... | 8.8 | HIGH | — | 0 |
| CVE-2025-2378 | A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2025-2383 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/searc... | 7.3 | HIGH | — | 0 |
| CVE-2025-29431 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters. | 3.2 | LOW | — | 0 |
| CVE-2024-11040 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. Al... | N/A | NONE | — | 0 |
| CVE-2025-2385 | A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument userEmail/us... | 7.3 | HIGH | — | 0 |
| CVE-2025-2386 | A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. Th... | 7.3 | HIGH | — | 0 |
| CVE-2025-2390 | A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /user_dashboard/add_donor.php. The manipulation leads ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-44276 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitiv... | 7.3 | HIGH | — | 0 |
| CVE-2025-25914 | SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter | 9.8 | CRITICAL | — | 0 |
| CVE-2025-29426 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters. | 4.6 | MEDIUM | — | 0 |
| CVE-2025-2393 | A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipul... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-44314 | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatu... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-57169 | A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve r... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57170 | SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory trav... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-25582 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-25586 | yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. | 4.2 | MEDIUM | — | 0 |
| CVE-2025-25595 | A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-26137 | Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted... | 7.5 | HIGH | — | 0 |
| CVE-2025-26138 | Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-57151 | SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function | 6.8 | MEDIUM | — | 0 |
| CVE-2024-53967 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-53968 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-53969 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-53970 | Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-29118 | Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-2476 | Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | HIGH | — | 0 |
| CVE-2024-13875 | The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig... | 7.1 | HIGH | — | 0 |
| CVE-2024-13877 | The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which ... | 7.1 | HIGH | — | 0 |
| CVE-2024-13878 | The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high ... | 7.1 | HIGH | — | 0 |
| CVE-2024-13880 | The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high... | 7.1 | HIGH | — | 0 |
| CVE-2024-13881 | The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... | 7.1 | HIGH | — | 0 |
| CVE-2024-54016 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to u... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10096 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-10721 | A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-10727 | A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11822 | langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make... | 7.5 | HIGH | — | 0 |
| CVE-2024-12450 | In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12537 | In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.