CVE-2025-22xxx

There are 777 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-22000 mm/huge_memory: drop beyond-EOF folios with the right number of refs
S
CVE-2025-22001 accel/qaic: Fix integer overflow in qaic_validate_req()
S
CVE-2025-22002 netfs: Call `invalidate_cache` only if implemented
S
CVE-2025-22003 can: ucan: fix out of bound read in strscpy() source
S
CVE-2025-22004 net: atm: fix use after free in lec_send()
S
CVE-2025-22005 ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
S
CVE-2025-22006 net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence
S
CVE-2025-22007 Bluetooth: Fix error code in chan_alloc_skb_cb()
S
CVE-2025-22008 regulator: check that dummy regulator has been probed before using it
CVE-2025-22009 regulator: dummy: force synchronous probing
S
CVE-2025-22010 RDMA/hns: Fix soft lockup during bt pages loop
S
CVE-2025-22011 ARM: dts: bcm2711: Fix xHCI power-domain
S
CVE-2025-22012 Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"
S
CVE-2025-22013 KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
CVE-2025-22014 soc: qcom: pdr: Fix the potential deadlock
S
CVE-2025-22015 mm/migrate: fix shmem xarray update during migration
CVE-2025-22016 dpll: fix xa_alloc_cyclic() error handling
CVE-2025-22017 devlink: fix xa_alloc_cyclic() error handling
CVE-2025-22018 atm: Fix NULL pointer dereference
S
CVE-2025-22019 bcachefs: bch2_ioctl_subvolume_destroy() fixes
CVE-2025-22020 memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
S
CVE-2025-22021 netfilter: socket: Lookup orig tuple for IPv6 SNAT
CVE-2025-22022 usb: xhci: Apply the link chain quirk on NEC isoc endpoints
CVE-2025-22023 usb: xhci: Don't skip on Stopped - Length Invalid
CVE-2025-22024 nfsd: fix management of listener transports
S
CVE-2025-22025 nfsd: put dl_stid if fail to queue dl_recall
CVE-2025-22026 nfsd: don't ignore the return code of svc_proc_register()
CVE-2025-22027 media: streamzap: fix race between device disconnection and urb callback
S
CVE-2025-22028 media: vimc: skip .s_stream() for stopped entities
CVE-2025-22029 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-22030 mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
CVE-2025-22031 PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion
S
CVE-2025-22032 wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
S
CVE-2025-22033 arm64: Don't call NULL in do_compat_alignment_fixup()
S
CVE-2025-22034 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
CVE-2025-22035 tracing: Fix use-after-free in print_graph_function_flags during tracer switching
S
CVE-2025-22036 exfat: fix random stack corruption after get_block
S
CVE-2025-22037 ksmbd: fix null pointer dereference in alloc_preauth_hash()
S
CVE-2025-22038 ksmbd: validate zero num_subauth before sub_auth is accessed
S
CVE-2025-22039 ksmbd: fix overflow in dacloffset bounds check
CVE-2025-22040 ksmbd: fix session use-after-free in multichannel connection
S
CVE-2025-22041 ksmbd: fix use-after-free in ksmbd_sessions_deregister()
S
CVE-2025-22042 ksmbd: add bounds check for create lease context
CVE-2025-22043 ksmbd: add bounds check for durable handle context
CVE-2025-22044 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
CVE-2025-22045 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
CVE-2025-22046 uprobes/x86: Harden uretprobe syscall trampoline check
CVE-2025-22047 x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
CVE-2025-22048 LoongArch: BPF: Don't override subprog's return value
CVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16
CVE-2025-22050 usbnet:fix NPE during rx_complete
CVE-2025-22051 staging: gpib: Fix Oops after disconnect in agilent usb
S
CVE-2025-22052 staging: gpib: Fix Oops after disconnect in ni_usb
S
CVE-2025-22053 net: ibmveth: make veth_pool_store stop hanging
CVE-2025-22054 arcnet: Add NULL check in com20020pci_probe()
S
CVE-2025-22055 net: fix geneve_opt length integer overflow
CVE-2025-22056 netfilter: nft_tunnel: fix geneve_opt type confusion addition
S
CVE-2025-22057 net: decrease cached dst counters in dst_release
CVE-2025-22058 udp: Fix memory accounting leak.
CVE-2025-22059 udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
S
CVE-2025-22060 net: mvpp2: Prevent parser TCAM memory corruption
CVE-2025-22061 net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()
CVE-2025-22062 sctp: add mutual exclusion in proc_sctp_do_udp_port()
S
CVE-2025-22063 netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
S
CVE-2025-22064 netfilter: nf_tables: don't unregister hook when table is dormant
CVE-2025-22065 idpf: fix adapter NULL pointer dereference on reboot
S
CVE-2025-22066 ASoC: imx-card: Add NULL check in imx_card_probe()
S
CVE-2025-22067 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
S
CVE-2025-22068 ublk: make sure ubq->canceling is set when queue is frozen
S
CVE-2025-22069 riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler
CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
S
CVE-2025-22071 spufs: fix a leak in spufs_create_context()
CVE-2025-22072 spufs: fix gang directory lifetimes
CVE-2025-22073 spufs: fix a leak on spufs_new_file() failure
CVE-2025-22074 ksmbd: fix r_count dec/increment mismatch
CVE-2025-22075 rtnetlink: Allocate vfinfo size for VF GUIDs when supported
CVE-2025-22076 exfat: fix missing shutdown check
CVE-2025-22077 Revert "smb: client: fix TCP timers deadlock after rmmod"
CVE-2025-22078 staging: vchiq_arm: Fix possible NPR of keep-alive thread
CVE-2025-22079 ocfs2: validate l_tree_depth to avoid out-of-bounds access
CVE-2025-22080 fs/ntfs3: Prevent integer overflow in hdr_first_de()
S
CVE-2025-22081 fs/ntfs3: Fix a couple integer overflows on 32bit systems
S
CVE-2025-22082 iio: backend: make sure to NULL terminate stack buffer
CVE-2025-22083 vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
CVE-2025-22084 w1: fix NULL pointer dereference in probe
CVE-2025-22085 RDMA/core: Fix use-after-free when rename device name
S
CVE-2025-22086 RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
CVE-2025-22087 bpf: Fix array bounds error with may_goto
CVE-2025-22088 RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
S
CVE-2025-22089 RDMA/core: Don't expose hw_counters outside of init net namespace
CVE-2025-22090 x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
CVE-2025-22091 RDMA/mlx5: Fix page_size variable overflow
CVE-2025-22092 PCI: Fix NULL dereference in SR-IOV VF creation error path
CVE-2025-22093 drm/amd/display: avoid NPD when ASIC does not support DMUB
CVE-2025-22094 powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'
CVE-2025-22095 PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
CVE-2025-22096 drm/msm/gem: Fix error code msm_parse_deps()
CVE-2025-22097 drm/vkms: Fix use after free and double free on init error
S
CVE-2025-22098 drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()
CVE-2025-22099 drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init
CVE-2025-22100 drm/panthor: Fix race condition when gathering fdinfo group samples
CVE-2025-22101 net: libwx: fix Tx L4 checksum
CVE-2025-22102 Bluetooth: btnxpuart: Fix kernel panic during FW release
CVE-2025-22103 net: fix NULL pointer dereference in l3mdev_l3_rcv
CVE-2025-22104 ibmvnic: Use kernel helpers for hex dumps
CVE-2025-22105 bonding: check xdp prog when set bond mode
CVE-2025-22106 vmxnet3: unregister xdp rxq info in the reset path
CVE-2025-22107 net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
CVE-2025-22109 ax25: Remove broken autobind
CVE-2025-22110 netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error
CVE-2025-22111 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
CVE-2025-22112 eth: bnxt: fix out-of-range access of vnic_info array
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
CVE-2025-22114 btrfs: don't clobber ret in btrfs_validate_super()
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
CVE-2025-22116 idpf: check error for register_netdev() on init
CVE-2025-22117 ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()
CVE-2025-22118 ice: validate queue quanta parameters to prevent OOB access
CVE-2025-22119 wifi: cfg80211: init wiphy_work before allocating rfkill fails
CVE-2025-22120 ext4: goto right label 'out_mmap_sem' in ext4_setattr()
CVE-2025-22121 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
CVE-2025-22122 block: fix adding folio to bio
CVE-2025-22123 f2fs: fix to avoid accessing uninitialized curseg
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
CVE-2025-22125 md/raid1,raid10: don't ignore IO flags
CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list
CVE-2025-22127 f2fs: fix potential deadloop in prepare_compress_overwrite()
CVE-2025-22128 wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
CVE-2025-22129 Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap
E
CVE-2025-22130 Soft Serve allows path traversal attacks
CVE-2025-22131 Cross-Site Scripting (XSS) vulnerability in generateNavigation() function
E S
CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field
E S
CVE-2025-22133 WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)
E S
CVE-2025-22134 heap-buffer-overflow with visual mode in Vim < 9.1.1003
CVE-2025-22136 Tabby has a TCC Bypass via Misconfigured Node Fuses
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
CVE-2025-22138 Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel
CVE-2025-22139 WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg`
E
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
E
CVE-2025-22141 WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'
E
CVE-2025-22142 Cross-site Scripting in NamelessMC
E
CVE-2025-22143 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'listar_permissoes.php' parameter 'msg_e'
E
CVE-2025-22144 Account Takeover in NamelessMC
E
CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
CVE-2025-22150 Undici Uses Insufficiently Random Values
CVE-2025-22151 Strawberry GraphQL has a type resolution vulnerability
CVE-2025-22152 Improper Path Validation Enables Path Traversal in Multiple Components in Atheos
CVE-2025-22153 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
CVE-2025-22157 This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0,...
S
CVE-2025-22204 Extension - regularlabs.com - Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla
CVE-2025-22205 Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla
CVE-2025-22206 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla
E
CVE-2025-22207 [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component
CVE-2025-22208 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
E
CVE-2025-22209 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
E
CVE-2025-22210 Extension - hikashop.com - SQL injection in Hikashop component version 3.3.0 - 5.1.4 for Joomla
E
CVE-2025-22211 Extension - webdesigner-profi.de - SQL injection in JoomShopping component version 1.0.0 - 5.5.5 for Joomla
E
CVE-2025-22212 Extension - tassos.gr - SQL injection in Convert Forms component version 1.0.0-1.0.0 - 4.4.9 for Joomla
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
CVE-2025-22214 Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection....
CVE-2025-22215 VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation
CVE-2025-22217 Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately ...
CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability
CVE-2025-22219 VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)
CVE-2025-22220 VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)
CVE-2025-22221 VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221)
CVE-2025-22222 VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
CVE-2025-22223 Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized ...
CVE-2025-22224 VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads t...
KEV
CVE-2025-22225 VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the ...
KEV
CVE-2025-22226 VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-o...
KEV
CVE-2025-22228 CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length
CVE-2025-22230 Authentication bypass vulnerability
CVE-2025-22231 VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
CVE-2025-22232 Spring Cloud Config Server May Not Use Vault Token Sent By Clients
M
CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception
CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
CVE-2025-22236 CVE-2025-22236 salt advisory
CVE-2025-22237 CVE-2025-22237 salt advisory
CVE-2025-22238 CVE-2025-22238 salt advisory
CVE-2025-22239 CVE-2025-22239 salt advisory
CVE-2025-22240 CVE-2025-22240 salt advisory
CVE-2025-22241 CVE-2025-22241 salt advisory
CVE-2025-22242 CVE-2025-22242 salt advisory
CVE-2025-22243 VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper in...
CVE-2025-22244 VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to...
CVE-2025-22245 VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to impr...
CVE-2025-22246 CVE-2025-22246 – UAA Private Key Exposure
M
CVE-2025-22247 Insecure file handling vulnerability
CVE-2025-22248 [pgpool] Unauthenticated access to postgres through pgpool
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
S
CVE-2025-22251 An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fo...
S
CVE-2025-22252 A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, ...
S
CVE-2025-22254 An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 th...
S
CVE-2025-22256 A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4...
S
CVE-2025-22260 WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability
CVE-2025-22261 WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22262 WordPress Bonjour Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22263 WordPress Global Gallery plugin <= 8.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22264 WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22265 WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability
CVE-2025-22267 WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22268 WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22269 WordPress Real Testimonials plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22270 Stored XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22271 IP Spoofing in CyberArk Endpoint Privilege Manager
CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager
CVE-2025-22275 iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive info...
CVE-2025-22276 WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22277 WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability
S
CVE-2025-22278 WordPress Whitish Lite theme <= 2.1.13 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22279 WordPress JetCompareWishlist plugin <= 1.5.9 - Local File Inclusion vulnerability
S
CVE-2025-22280 WordPress DefendWP Firewall Plugin <= 1.1.0 - Broken Access Control vulnerability
CVE-2025-22281 WordPress Simplish theme <= 2.6.4 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22282 WordPress ez Form Calculator - WordPress plugin plugin <= 2.14.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22283 WordPress GetSocial Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22284 WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22285 WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability
S
CVE-2025-22286 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22287 WordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerability
S
CVE-2025-22289 WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability
S
CVE-2025-22290 WordPress LTL Freight Quotes – FreightQuote Edition Plugin <= 2.3.11 - SQL Injection vulnerability
CVE-2025-22291 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability
S
CVE-2025-22292 WordPress Powerful Auto Chat plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22293 WordPress Gutentor plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22294 WordPress Custom Field For WP Job Manager plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22295 WordPress Tripetto plugin <= 8.0.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22296 WordPress Hash Elements plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22297 WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22298 WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability
S
CVE-2025-22299 WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability
S
CVE-2025-22300 WordPress PixelYourSite plugin <= 10.0.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22301 WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22302 WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability
S
CVE-2025-22303 WordPress WP Mailster plugin <= 1.8.17.0 - Sensitive Data Exposure vulnerability
S
CVE-2025-22304 WordPress WP Visitor Statistics plugin <= 7.3 - Broken Access Control vulnerability
CVE-2025-22305 WordPress Hero Banner Ultimate plugin <= 1.4.2 - Local File Inclusion vulnerability
CVE-2025-22306 WordPress Link Whisper Free plugin <= 0.7.7 - Sensitive Data Exposure vulnerability
CVE-2025-22307 WordPress Product Table for WooCommerce plugin <= 3.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22308 WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22309 WordPress SpeakOut! Email Petitions plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22310 WordPress TemplatesNext ToolKit plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22311 WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability
CVE-2025-22312 WordPress Thim Elementor Kit plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22313 WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22314 WordPress Food Store plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22315 WordPress Typing Text plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22316 WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22317 WordPress Gallery Images Ape plugin <= 2.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22318 WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability
S
CVE-2025-22319 WordPress MashShare plugin <= 4.0.47 - Broken Access Control vulnerability
CVE-2025-22320 WordPress ProductDyno plugin <= 1.0.24 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22321 WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22322 WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22323 WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22324 WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22325 WordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerability
CVE-2025-22326 WordPress 5centsCDN – WordPress CDN Plugin plugin <= 24.8.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22327 WordPress EO4WP plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22328 WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-22329 WordPress Free Google Maps plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22330 WordPress MG Parallax Slider plugin <= 1.0. - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22331 WordPress Cf7Save Extension plugin <= 1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22332 WordPress CloudFlare(R) Cache Purge plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22333 WordPress Piotnet Addons For Elementor plugin <= 2.4.31 - Cross-Site Scripting vulnerability
S
CVE-2025-22334 WordPress Education LMS theme <= 0.0.7 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22335 WordPress Opencart Product in WP plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22336 WordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22337 WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22338 WordPress WP-tagMaker plugin <= 0.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22339 WordPress Store Commerce theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22340 WordPress Data Dash plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22341 WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22342 WordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerability
CVE-2025-22343 WordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
CVE-2025-22344 WordPress Media Category Library plugin <= 2.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22345 WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-22347 WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability
CVE-2025-22348 WordPress DynamicTags plugin <= 1.4.0 - SQL Injection vulnerability
CVE-2025-22349 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
CVE-2025-22350 WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability
CVE-2025-22351 WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability
CVE-2025-22352 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.8 - SQL Injection vulnerability
CVE-2025-22353 WordPress BVD Easy Gallery Manager plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22354 WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22355 WordPress Kikx Simple Post Author Filter plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22356 WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22357 WordPress Target Notifications plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22358 WordPress Wp advertising management plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22359 WordPress SyncFields plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22360 WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22361 WordPress Opentracker Analytics Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22362 WordPress WPAchievements Free Plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22363 WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerability
CVE-2025-22364 WordPress Ach Invoice App plugin <= 1.0.1 - Local File Inclusion vulnerability
CVE-2025-22365 WordPress EMC2 Alert Boxes Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22366 Mennekes smart/premium charges systems, Command injection in firmware upgrade
CVE-2025-22367 Mennekes smart/premium charges systems, Command injection in time setting
CVE-2025-22368 Mennekes smart/premium charges systems, Command injection in sCU firmware update
CVE-2025-22369 Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint
CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface
CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
CVE-2025-22372 Insecure password storage in SicommNet BASEC
CVE-2025-22373 XSS, HTML and Style injection on login page
CVE-2025-22374 SSRF in CyberAudit-Web videx-legacy-ssl
CVE-2025-22375 Authentication Bypass in CyberAudit-Web
CVE-2025-22376 In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit ...
CVE-2025-22377 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, ...
CVE-2025-22383 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input v...
CVE-2025-22384 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue c...
CVE-2025-22385 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created account...
CVE-2025-22386 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session...
CVE-2025-22387 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue e...
CVE-2025-22388 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cros...
CVE-2025-22389 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerabi...
CVE-2025-22390 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerabi...
CVE-2025-22394 Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race ...
CVE-2025-22395 Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation V...
M
CVE-2025-22398 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used...
CVE-2025-22399 Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An un...
CVE-2025-22402 Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of...
M
CVE-2025-22443 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
CVE-2025-22445 Misleading UI for undefined admin console settings in Calls causes security confusion
S
CVE-2025-22446 Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform...
CVE-2025-22447 Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) ver...
CVE-2025-22448 Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1...
CVE-2025-22449 Access control flaw for team admins allows unauthorized team additions
S
CVE-2025-22450 Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A re...
CVE-2025-22452 arkcompiler_ets_runtime has an out-of-bounds read vulnerability
CVE-2025-22454 Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local a...
CVE-2025-22455 A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated at...
CVE-2025-22457 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure...
KEV
CVE-2025-22458 DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a...
CVE-2025-22459 Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version...
CVE-2025-22460 Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authent...
CVE-2025-22461 SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a...
CVE-2025-22462 An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 ...
CVE-2025-22463 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated a...
CVE-2025-22464 An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or...
CVE-2025-22465 Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a...
CVE-2025-22466 Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a...
CVE-2025-22467 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authe...
CVE-2025-22471 Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound...
CVE-2025-22472 Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp...
CVE-2025-22473 Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Imp...
CVE-2025-22474 Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Serv...
CVE-2025-22475 Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a C...
CVE-2025-22476 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralizatio...
CVE-2025-22477 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authenticatio...
CVE-2025-22478 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction o...
CVE-2025-22479 Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of...
CVE-2025-22480 Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerabili...
CVE-2025-22481 QTS, QuTS hero
S
CVE-2025-22482 Qsync Central
S
CVE-2025-22484 File Station 5
S
CVE-2025-22486 File Station 5
S
CVE-2025-22490 File Station 5
S
CVE-2025-22491 Improper Input Validation in Foreseer Reporting Software (FRS)
CVE-2025-22492 Insecure storage of connection strings in FRS
CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)
CVE-2025-22495 Improper input validation in
CVE-2025-22496 WordPress Notif Bell Plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22497 WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22498 WordPress LucidLMS plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22499 WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22500 WordPress Alpha Price Table For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22501 WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22502 WordPress MindValley Super PageMash Plugin <= 1.1 - SQL Injection vulnerability
CVE-2025-22503 WordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerability
CVE-2025-22504 WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability
CVE-2025-22505 WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability
CVE-2025-22506 WordPress Smart Agenda Plugin <= 4.7 - CSRF to Stored XSS vulnerability
CVE-2025-22507 WordPress WPMU Prefill Post Plugin <= 1.02 - SQL Injection vulnerability
CVE-2025-22508 WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability
CVE-2025-22510 WordPress WC Price History for Omnibus plugin <= 2.1.4 - PHP Object Injection vulnerability
CVE-2025-22511 WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22512 WordPress Help Scout Plugin <= 6.5.1 - Broken Access Control vulnerability
CVE-2025-22513 WordPress Simple Locator Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22514 WordPress Axact Author List Widget Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22515 WordPress Show Google Analytics widget plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22516 WordPress Metadata SEO plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22517 WordPress List Pages at Depth plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22518 WordPress Justified Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22519 WordPress eDoc Easy Tables Plugin <= 1.29 - SQL Injection vulnerability
CVE-2025-22520 WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-22521 WordPress wp Hosting Performance Check Plugin <= 2.18.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22522 WordPress SingSong plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-22523 WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
CVE-2025-22524 WordPress فرم ساز فرم افزار Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22525 WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22526 WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability
CVE-2025-22527 WordPress Mailing Group Listserv Plugin <= 2.0.9 - SQL Injection vulnerability
CVE-2025-22528 WordPress Huurkalender WP Plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22529 WordPress WE Blocks <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22530 WordPress 아임포트 결제버튼 생성 플러그인 plugin <= 1.1.19 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22531 WordPress Urdu Formatter – Shamil plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22532 WordPress Simple Photo Sphere plugin <= 0.0.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22533 WordPress WOOEXIM Plugin <= 5.0.0 - SQL Injection vulnerability
CVE-2025-22534 WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability
CVE-2025-22535 WordPress WPListCal Plugin <= 1.3.5 - SQL Injection vulnerability
CVE-2025-22536 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability
CVE-2025-22537 WordPress Google Maps Travel Route Plugin <= 1.3.1 - SQL Injection vulnerability
CVE-2025-22538 WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability
CVE-2025-22539 WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22540 WordPress Emailing Subscription Plugin <= 1.4.1 - SQL Injection vulnerability
CVE-2025-22541 WordPress WP Delete Post Copies plugin <= 5.5 - Broken Access Control vulnerability
CVE-2025-22542 WordPress Virtual Bot Plugin <= 1.0.0 - SQL Injection vulnerability
CVE-2025-22543 WordPress ST Gallery WP plugin <= 1.0.8 - Settings Change vulnerability
CVE-2025-22544 WordPress Mind Doodle Visual Sitemaps & Tasks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22545 WordPress iframe to embed plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22546 WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22547 WordPress JK Html To Pdf plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-22548 WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability
CVE-2025-22549 WordPress WP Github plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22550 WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22551 WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22552 WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability
CVE-2025-22553 WordPress Multiple Carousel Plugin <= 2.0 - SQL Injection vulnerability
CVE-2025-22554 WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22555 WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability
CVE-2025-22556 WordPress Norse Rune Oracle plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-22557 WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22559 WordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-22560 WordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerability
CVE-2025-22561 WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability
CVE-2025-22562 WordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22563 WordPress Pretty Urls Plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22564 WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22565 WordPress vooPlayer v4 Plugin <= 4.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22566 WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22567 WordPress TRUSTist REVIEWer Plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22568 WordPress Post And Page Reactions Plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22569 WordPress Featured Page Widget Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22570 WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22571 WordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerability
CVE-2025-22572 WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22573 WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22574 WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22575 WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22576 WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22577 WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22578 WordPress WP Cookie plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22579 WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22580 WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22581 WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22582 WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability
CVE-2025-22583 WordPress Scan External Links Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22584 WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22585 WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22586 WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22587 WordPress SEO Bulk Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22588 WordPress Scanventory Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22589 WordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerability
CVE-2025-22590 WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-22591 WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
CVE-2025-22592 WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
CVE-2025-22593 WordPress Laika Pedigree Tree plugin <= 1.4 - CSRF to Stored XSS vulnerability
CVE-2025-22594 WordPress Better User Shortcodes Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22595 WordPress Mailing Group Listserv Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22596 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint 'modulos_visiveis.php' parameter 'msg_c'
E
CVE-2025-22597 WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'CobrancaController.php' parameter 'local_recepcao'
E
CVE-2025-22598 WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'cadastrarSocio.php' parameter 'nome'
E
CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`
E
CVE-2025-22600 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `configuracao_doacao.php` parameter `avulso`
E
CVE-2025-22601 Client Side Path Traversal using activate account route in Discourse
CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse
CVE-2025-22603 AutoGPT SSRF vulnerability
CVE-2025-22604 Cacti has Authenticated RCE via multi-line SNMP responses
E S
CVE-2025-22605 Coolify OS Command Injection Vulnerability in SSH Command Generation
CVE-2025-22606 Coolify Command Injection Vulnerability in Project Name
CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak
CVE-2025-22608 Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)
CVE-2025-22610 Coolify Vulnerable to OAuth Secrets Leak
CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)
CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)
CVE-2025-22613 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
E S
CVE-2025-22614 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php' parameters 'nome' 'SobrenomeForm'
E S
CVE-2025-22615 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'Cadastro_Atendido.php' parameter 'cpf'
E S
CVE-2025-22616 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao'
E S
CVE-2025-22617 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio'
E S
CVE-2025-22618 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'adicionar_cargo.php' parameter 'cargo'
E S
CVE-2025-22619 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c'
E S
CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable
CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR
CVE-2025-22622 Age Verification - Reflected cross-site scripting (XSS)
CVE-2025-22623 Ad Inserter - Reflected cross-site scripting (XSS)
CVE-2025-22624 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)
CVE-2025-22628 WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability
CVE-2025-22629 WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability
S
CVE-2025-22630 WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability
CVE-2025-22631 WordPress Marketing Automation Plugin <= 1.2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22632 WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22633 WordPress Give – Divi Donation Modules plugin <= 2.0.0 - Sensitive Data Exposure vulnerability
S
CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22635 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22636 WordPress VR-Frases plugin <= 3.0.1 - Reflected XSS to SQL Injection vulnerability
CVE-2025-22637 WordPress Print PDF Generator and Publisher Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22638 WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22639 WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
CVE-2025-22640 WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22641 WordPress FM Notification Bar plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22642 WordPress Dynamic Conditions plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22643 WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability
CVE-2025-22644 WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22645 WordPress Real Estate Manager – Property Listing and Agent Management plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability
CVE-2025-22646 WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22647 WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability
CVE-2025-22648 WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22649 WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22650 WordPress Smartarget.online Integration plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22651 WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22652 WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
S
CVE-2025-22653 WordPress Music Press Pro plugin <= 1.4.6 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22654 WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability
CVE-2025-22655 WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability
CVE-2025-22656 WordPress Cookie Monster Plugin <= 1.2.2 - Local File Inclusion vulnerability
CVE-2025-22657 WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability
S
CVE-2025-22658 WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
S
CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22660 WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22661 WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22662 WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22663 WordPress Paid Videochat Turnkey Site plugin <= 7.2.12 - Arbitrary File Deletion vulnerability
S
CVE-2025-22664 WordPress Survey Maker Plugin <= 5.1.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22665 WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability
S
CVE-2025-22667 WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability
S
CVE-2025-22668 WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability
S
CVE-2025-22669 WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22670 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability
S
CVE-2025-22671 WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability
S
CVE-2025-22672 WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2025-22673 WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability
S
CVE-2025-22674 WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22675 WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22676 WordPress Upcasted S3 Offload plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22677 WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability
S
CVE-2025-22678 WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22679 WordPress Job Board Manager Plugin <= 2.1.60 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22680 WordPress Ad Inserter Pro plugin <= 2.7.39 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22681 WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability
S
CVE-2025-22682 WordPress Hesabfa Accounting Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22683 WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22685 WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
S
CVE-2025-22686 WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability
S
CVE-2025-22687 WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22688 WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability
S
CVE-2025-22689 WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22690 WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability
S
CVE-2025-22691 WordPress WP Travel plugin <= 10.1.0 - SQL Injection vulnerability
CVE-2025-22692 WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22693 WordPress Contest Gallery plugin <= 25.1.0 - SQL Injection vulnerability
S
CVE-2025-22694 WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability
CVE-2025-22695 WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability
CVE-2025-22696 WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability
CVE-2025-22697 WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22698 WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability
CVE-2025-22699 WordPress Traveler Code plugin <= 3.1.0 - Unauthenticated Arbitrary SQL Execution vulnerability
CVE-2025-22700 WordPress Traveler Code plugin <= 3.1.0 - Subscriber+ Arbitrary SQL Execution vulnerability
CVE-2025-22701 WordPress Traveler Layout Essential For Elementor plugin <= 1.0.8 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-22702 WordPress Photography theme <= 7.5.2 - Broken Access Control vulnerability
CVE-2025-22703 WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22704 WordPress Signature plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22705 WordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22706 WordPress Social Pug: Author Box plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22709 WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22710 WordPress Smart Manager Plugin <= 8.52.0 - SQL Injection vulnerability
S
CVE-2025-22711 WordPress Image Source Control Lite Plugin <= 2.29.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22714 WordPress MDJM Event Management Plugin <= 1.7.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22716 WordPress Taskbuilder Plugin <= 3.0.6 - SQL Injection vulnerability
S
CVE-2025-22717 WordPress My Tickets plugin <= 2.0.9 - Broken Access Control vulnerability
S
CVE-2025-22718 WordPress FAT Event Lite plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22719 WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability
S
CVE-2025-22720 WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability
CVE-2025-22721 WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability
S
CVE-2025-22722 WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dismissal vulnerability
S
CVE-2025-22723 WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability
S
CVE-2025-22724 WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22727 WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22729 WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability
S
CVE-2025-22730 WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability
CVE-2025-22731 WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-22732 WordPress Ad Blocking Detector plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22733 WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22734 WordPress Posts Footer Manager Plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22735 WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22736 WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability
CVE-2025-22737 WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability
S
CVE-2025-22738 WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22739 WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability
S
CVE-2025-22740 WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability
S
CVE-2025-22742 WordPress WP ViewSTL plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22743 WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22744 WordPress S-DEV SEO plugin <= 1.88 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22745 WordPress Navigation Du Lapin Blanc plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22746 WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22747 WordPress Foundation Columns plugin <= 0.8 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22748 WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22749 WordPress Social Media Engine plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22750 WordPress Post Carousel & Slider plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22751 WordPress Partners Plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22753 WordPress turboSMTP Plugin <= 4.6 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22754 WordPress Amber Plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22755 WordPress WP Headmaster Plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22756 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-22757 WordPress CodeBard Help Desk plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22758 WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22759 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22760 WordPress CodeBard Help Desk plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22761 WordPress Ajax Contact Form plugin <= 1.2.5.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22762 WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22763 WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22764 WordPress WP Post Corrector Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22765 WordPress WP Order By Plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22766 WordPress Zarinpal Paid Download Plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22767 WordPress GlobalPayments WooCommerce Plugin <= 1.13.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22768 WordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22769 WordPress Multifox theme <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22770 WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability
CVE-2025-22771 WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22772 WordPress Mapbox for WP Advanced Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22773 WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability
S
CVE-2025-22774 WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22775 WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22776 WordPress WP Bulletin Board Plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22777 WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability
S
CVE-2025-22778 WordPress Lijit Search Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22779 WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability
CVE-2025-22780 WordPress wp-pano Plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22781 WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22782 WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability
CVE-2025-22783 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
S
CVE-2025-22784 WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability
CVE-2025-22785 WordPress Course Booking System plugin <= 6.0.5 - SQL Injection vulnerability
CVE-2025-22786 WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability
S
CVE-2025-22787 WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability
S
CVE-2025-22788 WordPress CoDesigner plugin <= 4.7.17.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22790 WordPress moseter theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22791 WordPress offset writing theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22792 WordPress Js O3 Lite theme <= 1.5.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22793 WordPress Bold pagos en linea Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22795 WordPress Multilang Contact Form Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22796 WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22797 WordPress Gallery and Lightbox plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22798 WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22799 WordPress Neon Product Designer Plugin <= 2.1.1 - SQL Injection vulnerability
CVE-2025-22800 WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability
S
CVE-2025-22801 WordPress Free WooCommerce Theme 99fy Extension plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22802 WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22803 WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22804 WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22805 WordPress Skill Bar Plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22806 WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22807 WordPress Responsive Flickr Slideshow Plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22808 WordPress Surbma | Premium WP plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22809 WordPress PDF Catalog Woocommerce plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22810 WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22811 WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22812 WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22813 WordPress ChatBot Conversational Forms plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22814 WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
S
CVE-2025-22815 WordPress Button Block plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22816 WordPress Power Mag theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22817 WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22818 WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22819 WordPress Qr Code and Barcode Scanner Reader plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22820 WordPress VR Views plugin <= 1.5.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22821 WordPress StorePress theme <= 1.0.12 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22822 WordPress wp custom countdown Plugin <= 2.8 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-22823 WordPress Genesis Style Shortcodes Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22824 WordPress Live Flight Radar Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22825 WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-22826 WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22827 WordPress WP Joomag plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations
CVE-2025-22829 Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin
CVE-2025-22835 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2025-22837 Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability
CVE-2025-22841 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
CVE-2025-22842 arkcompiler_ets_runtime has an out-of-bounds read vulnerability
CVE-2025-22843 Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edg...
CVE-2025-22844 Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may al...
CVE-2025-22846 BIG-IP SIP Vulnerability
CVE-2025-22847 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
CVE-2025-22848 Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may ...
CVE-2025-22851 Liteos_A has an integer overflow vulnerability
CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter
S
CVE-2025-22855 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vul...
S
CVE-2025-22859 A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClie...
S
CVE-2025-22865 ParsePKCS1PrivateKey panic with partial keys in crypto/x509
CVE-2025-22866 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
CVE-2025-22867 Arbitrary code execution during build on darwin in cmd/go
CVE-2025-22868 Unexpected memory consumption during token parsing in golang.org/x/oauth2
S
CVE-2025-22869 Potential denial of service in golang.org/x/crypto
S
CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
CVE-2025-22874 Usage of ExtKeyUsageAny disables policy validation in crypto/x509
CVE-2025-22880 Heap-based Buffer Overflow in CNCSoft-G2
S
CVE-2025-22881 Heap-based Buffer Overflow in CNCSoft-G2
S
CVE-2025-22882 ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-22883 ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2025-22884 ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-22886 distributeddatamgr_udmf has a memory leak vulnerability
CVE-2025-22888 Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of M...
CVE-2025-22890 Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and...
CVE-2025-22891 BIG-IP PEM Vulnerability
CVE-2025-22892 Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) be...
CVE-2025-22894 Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver....
CVE-2025-22895 Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for I...
CVE-2025-22896 mySCADA myPRO Manager Cleartext Storage of Sensitive Information
S
CVE-2025-22897 Arkcompiler Ets Runtime has a buffer overflow vulnerability
CVE-2025-22900 Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMa...
E
CVE-2025-22903 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parame...
E
CVE-2025-22904 RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN ...
E
CVE-2025-22905 RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at...
E
CVE-2025-22906 RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName paramet...
E
CVE-2025-22907 RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSu...
E
CVE-2025-22911 RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICba...
E
CVE-2025-22912 RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/fo...
E
CVE-2025-22913 RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrv...
E
CVE-2025-22916 RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPo...
E
CVE-2025-22917 A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers...
E
CVE-2025-22918 Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. Th...
CVE-2025-22919 A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a D...
CVE-2025-22920 A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a m...
CVE-2025-22921 FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the co...
CVE-2025-22923 An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and de...
E
CVE-2025-22924 OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /...
E
CVE-2025-22925 OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table par...
CVE-2025-22926 An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sen...
CVE-2025-22927 An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sen...
CVE-2025-22928 OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id par...
CVE-2025-22929 OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id...
CVE-2025-22930 OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid p...
CVE-2025-22931 An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0...
CVE-2025-22936 An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 ...
CVE-2025-22937 An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified v...
E
CVE-2025-22938 Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords....
E
CVE-2025-22939 A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows atta...
E
CVE-2025-22940 Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrari...
E
CVE-2025-22941 A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attac...
E
CVE-2025-22946 Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDev...
E
CVE-2025-22949 Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, whic...
E
CVE-2025-22952 elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient valida...
E S
CVE-2025-22953 A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM...
CVE-2025-22954 GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lat...
CVE-2025-22957 A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be ...
E
CVE-2025-22960 A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UA...
CVE-2025-22961 A critical information disclosure vulnerability exists in the web-based management interface of Gate...
CVE-2025-22962 A critical remote code execution (RCE) vulnerability exists in the web-based management interface of...
CVE-2025-22963 Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin....
CVE-2025-22964 DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection ...
CVE-2025-22968 An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH usin...
E
CVE-2025-22973 An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the h...
CVE-2025-22974 SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrar...
E M
CVE-2025-22976 SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code ...
CVE-2025-22978 eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module....
E
CVE-2025-22980 A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via t...
E
CVE-2025-22983 An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthe...
E
CVE-2025-22984 An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows...
E
CVE-2025-22992 A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11....
E
CVE-2025-22994 O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings....
CVE-2025-22996 A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E560...
E
CVE-2025-22997 A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E560...
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.