Export limit exceeded: 341846 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341846 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34173 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 4.3 Medium |
| In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions. | ||||
| CVE-2025-34174 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 5.4 Medium |
| In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions. | ||||
| CVE-2025-34175 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 6.1 Medium |
| In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated. | ||||
| CVE-2025-34176 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 4.3 Medium |
| In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | ||||
| CVE-2025-34177 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 5.4 Medium |
| In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | ||||
| CVE-2025-34178 | 2 Netgate, Pfsense | 3 Pfsense Ce, Pfsense Plus, Pfsense | 2025-11-20 | 5.4 Medium |
| In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | ||||
| CVE-2025-10158 | 1 Rsync | 1 Rsync | 2025-11-20 | 4.3 Medium |
| A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | ||||
| CVE-2025-6251 | 2 Wordpress, Wproyal | 2 Wordpress, Royal Elementor Addons And Templates | 2025-11-20 | 6.4 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12777 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Wishlist | 2025-11-20 | 5.3 Medium |
| The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint (which uses permission_callback => '__return_true') and the AJAX delete_item handler (which only checks nonce validity without verifying object-level authorization). This makes it possible for unauthenticated attackers to disclose wishlist tokens for any user and subsequently delete wishlist items by chaining the REST API authorization bypass with the exposed delete_item nonce on shared wishlist pages and the AJAX handler's missing object-level authorization check. | ||||
| CVE-2025-12349 | 2 Icegram, Wordpress | 2 Email Subscribers & Newsletters, Wordpress | 2025-11-20 | 5.3 Medium |
| The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `trigger_mailing_queue_sending` function. This makes it possible for unauthenticated attackers to force immediate email sending, bypass the schedule, increase server load, and change plugin state (e.g., last-cron-hit), enabling abuse or DoS-like effects. | ||||
| CVE-2025-13051 | 2 Asustor, Microsoft | 3 Abp, Aes, Windows | 2025-11-20 | N/A |
| When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290. | ||||
| CVE-2025-12359 | 2 Dfactory, Wordpress | 2 Responsive Lightbox & Gallery, Wordpress | 2025-11-20 | 5.4 Medium |
| The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | ||||
| CVE-2025-12472 | 1 Google | 1 Cloud Looker | 2025-11-20 | N/A |
| An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.103+ * 24.18.195+ * 25.0.72+ * 25.6.60+ * 25.8.42+ * 25.10.22+ | ||||
| CVE-2025-12646 | 2 Jackdewey, Wordpress | 2 Community Events, Wordpress | 2025-11-20 | 7.5 High |
| The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-8084 | 1 Wordpress | 1 Wordpress | 2025-11-20 | 6.8 Medium |
| The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving. | ||||
| CVE-2025-13054 | 2 Cozmoslabs, Wordpress | 2 Profile Builder, Wordpress | 2025-11-20 | 6.4 Medium |
| The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12770 | 1 Wordpress | 1 Wordpress | 2025-11-20 | 5.3 Medium |
| The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to "0" on sites where the Zapier API key has not been configured. | ||||
| CVE-2025-12484 | 2 Rafflepress, Wordpress | 3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress | 2025-11-20 | 7.2 High |
| The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12535 | 2 Brainstormforce, Wordpress | 2 Sureforms, Wordpress | 2025-11-20 | 5.3 Medium |
| The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the 'wp_ajax_nopriv_rest-nonce' action. While the plugin legitimately needs to support unauthenticated form submissions, it incorrectly uses generic REST nonces instead of form-specific nonces. This makes it possible for unauthenticated attackers to bypass CSRF protection on REST API endpoints that rely solely on nonce verification without additional authentication checks, allowing them to trigger unauthorized actions such as the plugin's own post-submission hooks and potentially other plugins' REST endpoints. | ||||
| CVE-2025-12376 | 1 Wordpress | 1 Wordpress | 2025-11-20 | 6.4 Medium |
| The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response. | ||||