Last Published CVEs

Last updated: 
ID Summary Flags Max Score
CVE-2025-5167 Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds
E
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
E
CVE-2025-5165 Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds
E
CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key
E
CVE-2025-5163 yangshare 技术杨工 warehouseManager 仓库管理系统 access control
E
CVE-2025-5162 H3C SecCenter SMP-E1114P02 importFile unrestricted upload
E
CVE-2025-5161 H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal
E
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-2146 Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and L...
CVE-2025-5159 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-5158 H3C SecCenter SMP-E1114P02 downloadSoftware path traversal
E
CVE-2025-5157 H3C SecCenter SMP-E1114P02 fileContent path traversal
CVE-2025-5156 H3C GR-5400AX aspForm EditWlanMacList buffer overflow
E
CVE-2025-5155 qianfox FoxCMS Article.php batchCope sql injection
E
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
E S
CVE-2025-5153 CMS Made Simple Design Manager Module cross site scripting
E
CVE-2025-5152 Chanjet CRM newActivityedit.php sql injection
E
CVE-2025-5151 defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
E S
CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution
E
CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication
E
CVE-2025-5148 FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
S
CVE-2025-5147 Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
E
CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection
E
CVE-2025-5145 Netcore POWER13 Query String cgi-bin command injection
E
CVE-2025-5140 Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery
E
CVE-2025-5139 Qualitor testaConexaoOffice365.php command injection
E
CVE-2025-5138 Bitwarden PDF File cross site scripting
E
CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
E
CVE-2025-5136 Tmall Demo Payment Identifier pay random values
E
CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting
E
CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting
E
CVE-2025-5133 Tmall Demo Search Box cross site scripting
E
CVE-2025-5132 Tmall Demo logout cross-site request forgery
E
CVE-2025-5131 Tmall Demo uploadCategoryImage unrestricted upload
E
CVE-2025-5130 Tmall Demo uploadProductImage unrestricted upload
E
CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path
E
CVE-2025-5128 ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection
E
CVE-2025-5127 FLIR AX8 prod.php cross site scripting
E
CVE-2025-5126 FLIR AX8 settingsregional.php setDataTime command injection
E
CVE-2025-5124 Sony SNC-M1 Administrative Interface default credentials
E
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter
CVE-2025-5058 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image()
CVE-2025-4336 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file()
CVE-2025-4603 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion
CVE-2025-4602 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read
CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link
CVE-2025-48751 The process_lock crate 0.1.0 for Rust allows data races in unlock....
CVE-2025-48756 In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware devic...
CVE-2025-48753 In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock....
CVE-2025-48755 In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type)....
CVE-2025-48752 In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mu...
CVE-2025-48754 In the memory_pages crate 0.1.0 for Rust, division by zero can occur....
CVE-2025-5119 Emlog Pro api_controller.php sql injection
E
CVE-2025-24917 Improper Access Control leads to Local Privilege Escalation
S
CVE-2025-24916 Improper Access Control leads to Local Privilege Escalation
S
CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request
CVE-2025-43860 OpemRMS Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics
CVE-2025-32967 OpenEMR doesn't log password administration properly
CVE-2025-32794 OpenEMR Stored XSS via Patient Name Field in Procedure Orders
E
CVE-2022-31812 A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected serve...
CVE-2022-31807 A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass inte...
CVE-2018-25110 Regular Expression Denial of Service (ReDoS) in markedjs/marked
E S
CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization
E
CVE-2025-5112 FreeFloat FTP Server MGET Command buffer overflow
E
CVE-2025-5111 FreeFloat FTP Server TYPE Command buffer overflow
E
CVE-2025-3580 An access control vulnerability was discovered in Grafana OSS where an Organization administrator co...
CVE-2025-5110 FreeFloat FTP Server VERBOSE Command buffer overflow
E
CVE-2025-5109 FreeFloat FTP Server STATUS Command buffer overflow
E
CVE-2025-31049 WordPress Dash <= 1.3 - PHP Object Injection Vulnerability
CVE-2025-31053 WordPress KBx Pro Ultimate <= 7.9.8 - Arbitrary File Deletion Vulnerability
CVE-2025-31056 WordPress WhatsCart plugin <= 1.1.0 - SQL Injection vulnerability
CVE-2025-31060 WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability
CVE-2025-31064 WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability
CVE-2025-31069 WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability
CVE-2025-31397 WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vulnerability
CVE-2025-31423 WordPress Umberto <= 1.2.8 - PHP Object Injection Vulnerability
CVE-2025-31430 WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability
CVE-2025-31631 WordPress Fish House <= 1.2.7 - PHP Object Injection Vulnerability
CVE-2025-31632 WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
CVE-2025-31633 WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability
CVE-2025-31636 WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-31912 WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability
CVE-2025-31913 WordPress Ogami <= 1.53 - Local File Inclusion Vulnerability
CVE-2025-31914 WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - SQL Injection Vulnerability
CVE-2025-31916 WordPress JP Students Result Management System Premium plugin 1.1.7 - Arbitrary File Upload vulnerability
CVE-2025-31918 WordPress Simple Business Directory Pro <= 15.4.8 - Privilege Escalation Vulnerability
CVE-2025-31924 WordPress Crafts & Arts <= 2.5 - PHP Object Injection Vulnerability
CVE-2025-31927 WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability
CVE-2025-32284 WordPress Pet World <= 2.8 - PHP Object Injection Vulnerability
CVE-2025-32285 WordPress Butcher theme <= 2.40 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-32286 WordPress Butcher <= 2.40 - Local File Inclusion Vulnerability
CVE-2025-32289 WordPress Yozi <= 2.0.52 - Local File Inclusion Vulnerability
CVE-2025-32292 WordPress Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 - PHP Object Injection Vulnerability
CVE-2025-32293 WordPress Finance Consultant <= 2.8 - PHP Object Injection Vulnerability
CVE-2025-32294 WordPress Oxpitan <= 1.3.1 - Local File Inclusion Vulnerability
CVE-2025-32302 WordPress Winnex <= 1.3.2 - Local File Inclusion Vulnerability
CVE-2025-32309 WordPress Healsoul <= 2.0.2 - Local File Inclusion Vulnerability
CVE-2025-39480 WordPress Car Dealer <= 1.6.6 - PHP Object Injection Vulnerability
CVE-2025-39485 WordPress GrandTour Theme <= 5.5.1 - PHP Object Injection vulnerability
CVE-2025-39489 WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability
CVE-2025-39490 WordPress Backpack Traveler <= 2.7 - Local File Inclusion Vulnerability
CVE-2025-39494 WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability
S
CVE-2025-39495 WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability
CVE-2025-39499 WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability
CVE-2025-39500 WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability
CVE-2025-39501 WordPress Goodlayers Hostel Plugin <= 3.1.2 - SQL Injection vulnerability
CVE-2025-39502 WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-39503 WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability
CVE-2025-39504 WordPress Goodlayers Hotel plugin <= 3.1.4 - SQL Injection vulnerability
CVE-2025-39505 WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-39506 WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability
CVE-2025-39536 WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability
CVE-2025-46437 WordPress Tayori Form plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46440 WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46444 WordPress Ads Pro plugin <= 4.88 - Local File Inclusion vulnerability
CVE-2025-46446 WordPress Libro de Reclamaciones <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46448 WordPress Document Management System <= 1.24 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46454 WordPress Meta Keywords & Description <= 0.8 - Local File Inclusion Vulnerability
CVE-2025-46455 WordPress WP HRM LITE <= 1.1 - SQL Injection Vulnerability
CVE-2025-46456 WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46458 WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability
CVE-2025-46460 WordPress Easy Guide <= 1.0.0 - SQL Injection Vulnerability
CVE-2025-46463 WordPress Mailing Group Listserv <= 3.0.4 - SQL Injection Vulnerability
S
CVE-2025-46468 WordPress Fable Extra <= 1.0.6 - Local File Inclusion Vulnerability
S
CVE-2025-46474 WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability
S
CVE-2025-46486 WordPress Nomupay Payment Processing Gateway <= 7.1.7 - Arbitrary File Download Vulnerability
S
CVE-2025-46487 WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46488 WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability
S
CVE-2025-46490 WordPress Crossword Compiler Puzzles <= 5.2 - Arbitrary File Upload Vulnerability
S
CVE-2025-46493 WordPress Crossword Compiler Puzzles <= 5.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46515 WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46518 WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46526 WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46527 WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability
S
CVE-2025-46537 WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-46539 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
S
CVE-2025-47438 WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
S
CVE-2025-47453 WordPress WP Smart Import <= 1.1.3 - Local File Inclusion Vulnerability
S
CVE-2025-47458 WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-47461 WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability
S
CVE-2025-47478 WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability
S
CVE-2025-47492 WordPress Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Arbitrary File Deletion Vulnerability
S
CVE-2025-47512 WordPress Tainacan plugin <= 0.21.14 - Arbitrary File Deletion vulnerability
S
CVE-2025-47513 WordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerability
S
CVE-2025-47529 WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability
S
CVE-2025-47530 WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
S
CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability
S
CVE-2025-47535 WordPress Opal Woo Custom Product Variation <= 1.2.0 - Arbitrary File Deletion Vulnerability
S
CVE-2025-47539 WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability
S
CVE-2025-47541 WordPress Mail Mint <= 1.17.7 - Sensitive Data Exposure Vulnerability
S
CVE-2025-47558 WordPress MapSVG plugin <= 8.5.31 - Broken Access Control vulnerability
CVE-2025-47568 WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
CVE-2025-47575 WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
CVE-2025-47599 WordPress Facturante <= 1.11 - SQL Injection Vulnerability
CVE-2025-47603 WordPress belingoGeo <= 1.12.0 - Arbitrary File Download Vulnerability
CVE-2025-47611 WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47613 WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47618 WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47619 WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability
CVE-2025-47631 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
CVE-2025-47637 WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability
S
CVE-2025-47640 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - SQL Injection Vulnerability
CVE-2025-47641 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability
CVE-2025-47642 WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability
CVE-2025-47646 WordPress PSW Front-end Login & Registration <= 1.13 - Broken Authentication Vulnerability
CVE-2025-47658 WordPress ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.7 - Arbitrary File Upload Vulnerability
CVE-2025-47660 WordPress WC Affiliate <= 2.9.1 - PHP Object Injection Vulnerability
CVE-2025-47663 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
CVE-2025-47670 WordPress WordPress Social Login and Register <= 7.6.10 - Local File Inclusion Vulnerability
CVE-2025-47671 WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability
CVE-2025-47672 WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability
CVE-2025-47673 WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-47678 WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47680 WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47687 WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability
CVE-2025-47690 WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2025-48241 WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-48245 WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-48271 WordPress Leadinfo <= 1.1 - Settings Change Vulnerability
S
CVE-2025-48273 WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability
S
CVE-2025-48275 WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability
S
CVE-2025-48283 WordPress Majestic Support <= 1.1.0 - SQL Injection Vulnerability
S
CVE-2025-48286 WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-48287 WordPress Pix 4x sem juros - Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability
S
CVE-2025-48289 WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability
S
CVE-2025-48292 WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability
S
CVE-2025-41380 Injection vulnerability in Iridium Certus 700
S
CVE-2025-41379 Injection vulnerability in Iridium Certus 700
S
CVE-2025-41378 Injection vulnerability in Iridium Certus 700
S
CVE-2025-41377 Cryptographic vulnerability in Iridium Certus 700
S
CVE-2024-7803 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab
E S
CVE-2025-5108 zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
E
CVE-2025-5107 Fujian Kelixun xml_cdr_details.php sql injection
E
CVE-2025-1123 Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.