Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55708 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4. | |||||
| CVE-2025-9022 | 2025-08-15 | N/A | 7.3 HIGH | ||
| A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2025-53221 | 2025-08-15 | N/A | N/A | ||
| Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0. | |||||
| CVE-2025-20302 | 2025-08-15 | N/A | 4.3 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to access a previously run report for a different domain, which could allow an attacker to read activity recorded in that domain. | |||||
| CVE-2025-20263 | 2025-08-15 | N/A | 8.6 HIGH | ||
| A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2025-55714 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9. | |||||
| CVE-2025-9024 | 2025-08-15 | N/A | 7.3 HIGH | ||
| A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-54730 | 2025-08-15 | N/A | N/A | ||
| Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3. | |||||
| CVE-2025-55713 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6. | |||||
| CVE-2025-53581 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1.8. | |||||
| CVE-2025-7641 | 2025-08-15 | N/A | 7.5 HIGH | ||
| The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server, which can cause a complete loss of availability. | |||||
| CVE-2025-5844 | 2025-08-15 | N/A | 6.4 MEDIUM | ||
| The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-55709 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a. | |||||
| CVE-2025-7778 | 2025-08-15 | N/A | 9.8 CRITICAL | ||
| The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2025-20222 | 2025-08-15 | N/A | 8.6 HIGH | ||
| A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device. A successful exploit could allow the attacker to trigger a reload of the device, resulting in a DoS condition. | |||||
| CVE-2025-9036 | 2025-08-15 | N/A | N/A | ||
| A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | |||||
| CVE-2025-53347 | 2025-08-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3. | |||||
| CVE-2025-9021 | 2025-08-15 | N/A | 7.3 HIGH | ||
| A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. | |||||
| CVE-2025-1929 | 2025-08-15 | N/A | 7.2 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazilim Teknolojileri Ltd. Sti. Reel Sektör Hazine ve Risk Yönetimi Yazilimi allows SQL Injection, CAPEC - 7 - Blind SQL Injection.This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazilimi: through 1.0.0.4. | |||||
| CVE-2025-20218 | 2025-08-15 | N/A | 4.9 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. | |||||