Last Updated CVEs

Last updated: 
ID Summary Flags Max Score
CVE-2024-10873 LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion
S
CVE-2024-10880 JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting
S
CVE-2024-11188 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter
CVE-2024-9659 School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload
CVE-2024-9660 School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
CVE-2024-10519 Wishlist for WooCommerce: Multi Wishlists Per Customer PRO 3.0.8 - 3.1.2 - Reflected Cross-Site Scripting via wtab Parameter
S
CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
S
CVE-2024-10781 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
S
CVE-2025-5199 LPE on Multipass for macOS
S
CVE-2025-49670 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2025-47988 Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-49744 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49742 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2025-49740 Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability
CVE-2025-49738 Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-49737 Microsoft Teams Elevation of Privilege Vulnerability
CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability
CVE-2025-49733 Win32k Elevation of Privilege Vulnerability
CVE-2025-49732 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49730 Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability
CVE-2025-49729 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49727 Win32k Elevation of Privilege Vulnerability
CVE-2025-49725 Windows Notification Elevation of Privilege Vulnerability
CVE-2025-49724 Windows Connected Devices Platform Service Remote Code Execution Vulnerability
CVE-2025-49722 Windows Print Spooler Denial of Service Vulnerability
CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-49705 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49703 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49701 Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49700 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49699 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49697 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49696 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49695 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-49693 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49685 Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-49684 Windows Storage Port Driver Information Disclosure Vulnerability
CVE-2025-49683 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
CVE-2025-49682 Windows Media Elevation of Privilege Vulnerability
CVE-2025-49681 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-49680 Windows Performance Recorder (WPR) Denial of Service Vulnerability
CVE-2025-49679 Windows Shell Elevation of Privilege Vulnerability
CVE-2025-49678 NTFS Elevation of Privilege Vulnerability
CVE-2025-49675 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-49673 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49669 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49667 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2025-49666 Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability
CVE-2025-49665 Workspace Broker Elevation of Privilege Vulnerability
CVE-2025-49664 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability
CVE-2025-49663 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49660 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2025-49659 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
CVE-2025-48823 Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2025-48822 Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability
CVE-2025-48821 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2025-48820 Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2025-48818 BitLocker Security Feature Bypass Vulnerability
CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48816 HID Class Driver Elevation of Privilege Vulnerability
CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-48814 Remote Desktop Licensing Service Security Feature Bypass Vulnerability
CVE-2025-48811 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-48810 Windows Secure Kernel Mode Information Disclosure Vulnerability
CVE-2025-48809 Windows Secure Kernel Mode Information Disclosure Vulnerability
CVE-2025-48808 Windows Kernel Information Disclosure Vulnerability
CVE-2025-48806 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2025-48805 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVE-2025-48804 BitLocker Security Feature Bypass Vulnerability
CVE-2025-48803 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
CVE-2025-48802 Windows SMB Server Spoofing Vulnerability
CVE-2025-48800 BitLocker Security Feature Bypass Vulnerability
CVE-2025-48799 Windows Update Service Elevation of Privilege Vulnerability
CVE-2025-48003 BitLocker Security Feature Bypass Vulnerability
CVE-2025-48002 Windows Hyper-V Information Disclosure Vulnerability
CVE-2025-48001 BitLocker Security Feature Bypass Vulnerability
CVE-2025-48000 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-47996 Windows MBT Transport Driver Elevation of Privilege Vulnerability
CVE-2025-47982 Windows Storage VSP Driver Elevation of Privilege Vulnerability
CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-47980 Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-47978 Windows Kerberos Denial of Service Vulnerability
CVE-2025-47975 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47973 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-49760 Windows Storage Spoofing Vulnerability
CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability
CVE-2025-49753 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-47178 Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2025-49735 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
CVE-2025-49731 Microsoft Teams Elevation of Privilege Vulnerability
CVE-2025-49726 Windows Notification Elevation of Privilege Vulnerability
CVE-2025-49723 Windows StateRepository API Server file Tampering Vulnerability
CVE-2025-49721 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
CVE-2025-49719 Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability
CVE-2025-49711 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-48812 Microsoft Excel Information Disclosure Vulnerability
CVE-2025-47994 Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47993 Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-47991 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-49694 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVE-2025-49690 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2025-49689 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-49688 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49687 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-49686 Windows TCP/IP Driver Elevation of Privilege Vulnerability
CVE-2025-49677 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-49676 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49674 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49672 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49671 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-49661 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49658 Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability
CVE-2025-49657 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-48824 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-47987 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2025-47986 Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2025-47984 Windows GDI Information Disclosure Vulnerability
CVE-2025-47976 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47972 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-47971 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-21195 Azure Service Fabric Runtime Elevation of Privilege Vulnerability
CVE-2025-47159 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
CVE-2025-33054 Remote Desktop Spoofing Vulnerability
CVE-2025-26636 Windows Kernel Information Disclosure Vulnerability
CVE-2025-7460 TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow
E
CVE-2025-53636 Open OnDemand Shell App closed websocket DoS
CVE-2024-12596 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
S
CVE-2025-2290 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing
S
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
S
CVE-2025-6691 SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion
S
CVE-2025-6742 SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion
S
CVE-2025-7459 code-projects Mobile Shop EditMobile.php sql injection
E
CVE-2025-7457 Campcodes Online Movie Theater Seat Reservation System manage_movie.php sql injection
E
CVE-2024-10100 Path Traversal in binary-husky/gpt_academic
E
CVE-2024-10101 Stored XSS in binary-husky/gpt_academic
E
CVE-2024-10109 Incorrect Authorization in mintplex-labs/anything-llm
E S
CVE-2024-10225 Denial of Service in haotian-liu/llava
E
CVE-2024-9387 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2024-10252 Code Injection in langgenius/dify
E S
CVE-2025-0194 Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab
E S
CVE-2024-8116 Incorrect Authorization in GitLab
E S
CVE-2024-8650 Incorrect Authorization in GitLab
E S
CVE-2023-5117 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
S
CVE-2024-10043 Incorrect Authorization in GitLab
E S
CVE-2024-11274 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2024-12292 Insertion of Sensitive Information into Log File in GitLab
S
CVE-2024-10359 Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat
E S
CVE-2024-12570 Privilege Context Switching Error in GitLab
E S
CVE-2025-7456 Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection
E
CVE-2025-7455 Campcodes Online Movie Theater Seat Reservation System manage_reserve.php sql injection
E
CVE-2025-52089 A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.5...
CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
CVE-2025-30403 A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a Q...
CVE-2025-3880 Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update
S
CVE-2025-52964 Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured
S
CVE-2025-52963 Junos OS: A low-privileged user can disable an interface
S
CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-52953 Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset
S
CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat
E S
CVE-2025-52952 Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash
S
CVE-2024-8233 Inefficient Algorithmic Complexity in GitLab
E S
CVE-2024-10363 Improper Access Control in danny-avila/LibreChat
E S
CVE-2025-52955 Junos OS: When jflow/sflow is configured continuous logical interface flaps causes rpd crash and restart
S
CVE-2025-30661 Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation
S
CVE-2019-20208 dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow....
E S
CVE-2023-41842 A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager versio...
S
CVE-2018-1000519 aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for Redi...
E
CVE-2019-13454 ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/l...
E S
CVE-2024-27613 Numbas editor before 7.3 mishandles reading of themes and extensions....
CVE-2024-13576 Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11364 Rockwell Automation Third Party Vulnerability in Arena®
S
CVE-2024-1044 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification...
CVE-2024-5260 Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter
CVE-2024-7810 SourceCodester Online Graduate Tracer System view_itprofile.php sql injection
E
CVE-2024-1529 Cross-site Scripting in CMS Made Simple
S
CVE-2024-25591 WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability
S
CVE-2024-22854 DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.2...
E
CVE-2024-4751 WP Prayer II <= 2.4.7 - Settings Update via CSRF
E
CVE-2024-7606 Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2024-7607 Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection
S
CVE-2024-5784 Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference
CVE-2025-5062 WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting
CVE-2025-4405 Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
S
CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
S
CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.