Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-5534 The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5536 The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5538 The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input san... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5541 The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5563 The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5565 The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5586 The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5686 The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5699 The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-5727 A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component... | 2.4 | LOW | — | 0 |
| CVE-2025-5728 A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation o... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-3321 A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server. | N/A | NONE | — | 0 |
| CVE-2025-5734 A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5735 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request H... | 8.8 | HIGH | — | 0 |
| CVE-2025-5736 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handl... | 8.8 | HIGH | — | 0 |
| CVE-2025-3322 An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. | N/A | NONE | — | 0 |
| CVE-2025-3365 A missing protection against path traversal allows to access any file on the server. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5737 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the compo... | 8.8 | HIGH | — | 0 |
| CVE-2025-5738 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5739 A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5755 A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2025-5758 A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2025-5759 A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?edi... | 7.3 | HIGH | — | 0 |
| CVE-2025-41360 Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack. | N/A | NONE | — | 0 |
| CVE-2025-41361 Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to thos... | N/A | NONE | — | 0 |
| CVE-2025-41362 Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploit... | N/A | NONE | — | 0 |
| CVE-2025-41363 In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and... | N/A | NONE | — | 0 |
| CVE-2025-41364 Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in... | N/A | NONE | — | 0 |
| CVE-2025-46858 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46859 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46860 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46861 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46862 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46863 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46864 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-49792 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-46865 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46866 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46870 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46871 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46872 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46873 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46874 Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-49793 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-46875 Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL refe... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46876 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46877 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46878 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46879 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-46880 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.