Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-15512 The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_success_response() function in all versions up to, and... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15377 The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content'... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15378 The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all versions up to, and including, 1.0 due to ... | 7.2 | HIGH | — | 0 |
| CVE-2025-15486 The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote s... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0594 The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0635 The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all ver... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0678 The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-0680 The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0694 The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in search results in all versions up to, and including, 1.0.0. This is due to the plugin using `esc_attr... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0717 The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14173 The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the `logout` function cal... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14770 The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied p... | 7.5 | HIGH | — | 0 |
| CVE-2025-14846 The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing nonce validation on the wpsc_setting... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15376 The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_for... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15475 The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15513 The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and includ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0734 The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitizat... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0739 The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0741 The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanit... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0812 The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedin_sc_date_format', 'linkedin_sc_api_key', and 'linkedin_sc_secret_key' parameters in all versions up t... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0813 The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short_link_post_title' and 'short_link_page_title' parameters in all versions up to, and including, 1.0 due to... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0529 Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This require... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0532 External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON... | 8.6 | HIGH | — | 0 |
| CVE-2025-14338 Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005. | N/A | NONE | — | 0 |
| CVE-2025-66005 Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of t... | N/A | NONE | — | 0 |
| CVE-2025-66169 Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recom... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67859 A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1. | N/A | NONE | — | 0 |
| CVE-2025-13175 Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers a... | N/A | NONE | — | 0 |
| CVE-2025-14317 In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions requ... | N/A | NONE | — | 0 |
| CVE-2025-13062 The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files... | 8.8 | HIGH | — | 0 |
| CVE-2025-71118 In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71124 In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71130 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71131 In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71140 In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and dec... | N/A | NONE | — | 0 |
| CVE-2026-0601 A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted requ... | N/A | NONE | — | 0 |
| CVE-2025-9142 A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory. | 7.5 | HIGH | — | 0 |
| CVE-2026-22211 TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The ... | N/A | NONE | — | 0 |
| CVE-2026-23497 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filena... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12166 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versio... | 7.5 | HIGH | — | 0 |
| CVE-2025-12533 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-13154 An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-14058 A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locke... | 3.2 | LOW | — | 0 |
| CVE-2026-0421 A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in t... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0600 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access u... | N/A | NONE | — | 0 |
| CVE-2026-23574 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23575 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23576 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23577 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.