Total
304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2025-54048 | | | 2025-08-20 | N/A | N/A | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2. |
CVE-2025-49412 | | | 2025-08-20 | N/A | N/A | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition allows Stored XSS. This issue affects Page Transition: from n/a through 1.3. |
CVE-2025-54012 | | | 2025-08-20 | N/A | N/A | Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/a through 2.11.16. |
CVE-2025-49389 | | | 2025-08-20 | N/A | N/A | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3. |
CVE-2025-9202 | | | 2025-08-20 | N/A | 4.3 MEDIUM | The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin. |
CVE-2024-23942 | | | 2025-08-20 | N/A | N/A | A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. |
CVE-2025-54551 | | | 2025-08-20 | N/A | N/A | Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user does not have permission to view by altering the parameters of the search function. |
CVE-2025-55706 | | | 2025-08-20 | N/A | N/A | URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL. |
CVE-2025-53522 | | | 2025-08-20 | N/A | N/A | Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker. |
CVE-2025-8618 | | | 2025-08-20 | N/A | 6.4 MEDIUM | The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
CVE-2025-57747 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57748 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57744 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57743 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57746 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57745 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57788 | | | 2025-08-20 | N/A | N/A | An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. |
CVE-2025-57742 | | | 2025-08-20 | N/A | N/A | Rejected reason: Not used |
CVE-2025-57791 | | | 2025-08-20 | N/A | N/A | An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role. |
CVE-2025-57789 | | | 2025-08-20 | N/A | N/A | An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. |