Total
304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-7443 | | | 2025-08-01 | N/A | 8.1 HIGH |
The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2025-7845 | | | 2025-08-01 | N/A | 6.4 MEDIUM |
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-4523 | | | 2025-08-01 | N/A | 6.5 MEDIUM |
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields. | |||||
CVE-2025-54839 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54845 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54843 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2019-19145 | | | 2025-08-01 | N/A | N/A |
Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. | |||||
CVE-2025-54846 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54841 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54840 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54847 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54844 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-53399 | | | 2025-08-01 | N/A | N/A |
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled. | |||||
CVE-2025-54657 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-54842 | | | 2025-08-01 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-5954 | | | 2025-08-01 | N/A | 9.8 CRITICAL |
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user. | |||||
CVE-2025-29358 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | N/A |
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
CVE-2025-48206 | 1 Nitsantech | 1 Ns-backup | 2025-08-01 | N/A | N/A |
The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | |||||
CVE-2025-29359 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | N/A |
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
CVE-2025-29357 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | N/A |
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |