ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-26001 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePa... | | |
CVE-2025-26002 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when reques... | | |
CVE-2025-26003 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when req... | | |
CVE-2025-26004 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when ... | | |
CVE-2025-26005 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when request... | | |
CVE-2025-26006 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the ad... | | |
CVE-2025-26007 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface... | | |
CVE-2025-26008 | In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting... | | |
CVE-2025-26009 | Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutili... | | |
CVE-2025-26010 | Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi... | | |
CVE-2025-26011 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the ad... | | |
CVE-2025-26013 | An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py ... | E | |
CVE-2025-26014 | A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute ar... | E | |
CVE-2025-26042 | Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notif... | | |
CVE-2025-26047 | Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.... | E | |
CVE-2025-26054 | Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field dur... | E | |
CVE-2025-26055 | An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, sp... | | |
CVE-2025-26056 | A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module ... | | |
CVE-2025-26058 | Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access th... | E | |
CVE-2025-26074 | Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestrict... | | |
CVE-2025-26086 | An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 with... | | |
CVE-2025-26091 | A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that... | E | |
CVE-2025-26125 | An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to a... | | |
CVE-2025-26127 | A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23... | | |
CVE-2025-26136 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.... | | |
CVE-2025-26137 | Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An u... | | |
CVE-2025-26138 | Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/... | | |
CVE-2025-26153 | A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers c... | E | |
CVE-2025-26156 | A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping ... | E | |
CVE-2025-26157 | A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour... | E | |
CVE-2025-26158 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of ... | E | |
CVE-2025-26159 | Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user wi... | | |
CVE-2025-26163 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the... | E | |
CVE-2025-26167 | Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to ... | E | |
CVE-2025-26168 | IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because th... | | |
CVE-2025-26169 | IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is... | | |
CVE-2025-26182 | An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code... | E | |
CVE-2025-26198 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmi... | E | |
CVE-2025-26199 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. Th... | E | |
CVE-2025-26200 | SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month paramet... | E | |
CVE-2025-26201 | Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote una... | | |
CVE-2025-26202 | Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Sec... | E | |
CVE-2025-26204 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-26205 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-26206 | Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to e... | E | |
CVE-2025-26211 | Gibbon before 29.0.00 allows CSRF.... | | |
CVE-2025-26215 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-26216 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-26241 | A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17... | E | |
CVE-2025-26260 | Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLoca... | E | |
CVE-2025-26262 | An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows a... | | |
CVE-2025-26263 | GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), i... | | |
CVE-2025-26264 | GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Executi... | E | |
CVE-2025-26265 | A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS... | E | |
CVE-2025-26268 | DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon ... | E S | |
CVE-2025-26269 | DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial ... | E S | |
CVE-2025-26304 | A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming ... | E | |
CVE-2025-26305 | A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.... | E | |
CVE-2025-26306 | A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, ... | E | |
CVE-2025-26307 | A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming... | E | |
CVE-2025-26308 | A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0... | E | |
CVE-2025-26309 | A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c ... | E | |
CVE-2025-26310 | Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL... | E | |
CVE-2025-26311 | Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIO... | E | |
CVE-2025-26312 | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha param... | | |
CVE-2025-26318 | hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of... | E | |
CVE-2025-26319 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1... | E S | |
CVE-2025-26320 | t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via th... | | |
CVE-2025-26325 | ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.... | E | |
CVE-2025-26326 | A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025... | | |
CVE-2025-26330 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulner... | | |
CVE-2025-26331 | Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Comman... | | |
CVE-2025-26335 | Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive In... | | |
CVE-2025-26336 | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202... | | |
CVE-2025-26339 | A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTim... | | |
CVE-2025-26340 | A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or eq... | | |
CVE-2025-26341 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free... | | |
CVE-2025-26342 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free... | | |
CVE-2025-26343 | A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or ... | | |
CVE-2025-26344 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Fr... | | |
CVE-2025-26345 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free Max... | | |
CVE-2025-26346 | A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in m... | | |
CVE-2025-26347 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free Max... | | |
CVE-2025-26348 | A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in m... | | |
CVE-2025-26349 | A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal... | | |
CVE-2025-26350 | A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free M... | | |
CVE-2025-26351 | A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to... | | |
CVE-2025-26352 | A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to... | | |
CVE-2025-26353 | A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version... | | |
CVE-2025-26354 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime les... | | |
CVE-2025-26355 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal ... | | |
CVE-2025-26356 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTim... | | |
CVE-2025-26357 | A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal ... | | |
CVE-2025-26358 | A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.1... | | |
CVE-2025-26359 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free... | | |
CVE-2025-26360 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-F... | | |
CVE-2025-26361 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26362 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26363 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26364 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26365 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26366 | A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free Ma... | | |
CVE-2025-26367 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26368 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26369 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26370 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26371 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26372 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than o... | | |
CVE-2025-26373 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime l... | | |
CVE-2025-26374 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime ... | | |
CVE-2025-26375 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equa... | | |
CVE-2025-26376 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equa... | | |
CVE-2025-26377 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equa... | | |
CVE-2025-26378 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equa... | | |
CVE-2025-26382 | Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool | S | |
CVE-2025-26383 | The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposu... | | |
CVE-2025-26389 | A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). T... | | |
CVE-2025-26390 | A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). T... | | |
CVE-2025-26393 | SolarWinds Service Desk Broken Access Control Vulnerability | | |
CVE-2025-26394 | SolarWinds SWOSH Open Redirection Vulnerability | S | |
CVE-2025-26395 | SolarWinds SWOSH DOM-based reflective XSS Vulnerability | S | |
CVE-2025-26396 | SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability | S | |
CVE-2025-26401 | Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability ... | | |
CVE-2025-26408 | Unprotected JTAG Interface | S | |
CVE-2025-26409 | Access to Bootloader and Shell Over Serial Interface | S | |
CVE-2025-26410 | Weak Hard-coded Credentials | S | |
CVE-2025-26411 | Authenticated Arbitrary Python File Upload via Plugin Manager | S | |
CVE-2025-26412 | Undocumented Root Shell Access in SIMCom SIM7600G Modem | S | |
CVE-2025-26413 | Apache Kvrocks: The server was crashed by the negative offset | | |
CVE-2025-26465 | Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled | S | |
CVE-2025-26466 | Openssh: denial-of-service in openssh | M | |
CVE-2025-26468 | CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function | S | |
CVE-2025-26473 | Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings | M | |
CVE-2025-26475 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting... | S | |
CVE-2025-26477 | Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privile... | | |
CVE-2025-26478 | Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unau... | | |
CVE-2025-26479 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerabil... | | |
CVE-2025-26480 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumpt... | | |
CVE-2025-26481 | Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumpti... | | |
CVE-2025-26485 | A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed auth... | | |
CVE-2025-26486 | Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effor... | | |
CVE-2025-26490 | Rejected reason: This CVE ID is a duplicate of CVE-2025-26495.... | R | |
CVE-2025-26491 | Rejected reason: This CVE ID is a duplicate of CVE-2025-26494.... | R | |
CVE-2025-26492 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitiv... | | |
CVE-2025-26493 | In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Re... | | |
CVE-2025-26494 | Server Side Request Forgery vulnerability in Tableau Server | | |
CVE-2025-26495 | Sensitive Data Exposure in Tableau Server | | |
CVE-2025-26500 | VxWorks 7 USB Failure | S | |
CVE-2025-26506 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege | | |
CVE-2025-26507 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege | | |
CVE-2025-26508 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege | | |
CVE-2025-26511 | Cassandra-Lucene-Index allows bypass of Cassandra RBAC | | |
CVE-2025-26512 | CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter | | |
CVE-2025-26519 | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacke... | | |
CVE-2025-26520 | Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the gra... | S | |
CVE-2025-26521 | Apache CloudStack: CKS cluster in project exposes user API keys | | |
CVE-2025-26522 | Authentication Bypass Vulnerability in RupeeWeb trading platform | S | |
CVE-2025-26523 | Insufficient Authorization Vulnerability in RupeeWeb trading platform | S | |
CVE-2025-26524 | No Rate Limiting Vulnerability in RupeeWeb trading platform | S | |
CVE-2025-26525 | Arbitrary file read risk through pdfTeX | S | |
CVE-2025-26526 | Feedback response viewing and deletions did not respect Separate Groups mode | S | |
CVE-2025-26527 | Non-searchable tags can still be discovered on the tag search page and in the tags block | S | |
CVE-2025-26528 | Stored XSS in ddimageortext question type | S | |
CVE-2025-26529 | Stored XSS risk in admin live log | S | |
CVE-2025-26530 | Reflected XSS via question bank filter | S | |
CVE-2025-26531 | IDOR in badges allows disabling of arbitrary badges | S | |
CVE-2025-26532 | Teachers can evade trusttext config when restoring glossary entries | S | |
CVE-2025-26533 | SQL injection risk in course search module list filter | S | |
CVE-2025-26534 | WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability | | |
CVE-2025-26535 | WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability | | |
CVE-2025-26536 | WordPress Another Events Calendar Plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26537 | WordPress GDPR Tools plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26538 | WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26539 | WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26540 | WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability | | |
CVE-2025-26541 | WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26542 | WordPress Zalo Live Chat Plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26543 | WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26544 | WordPress UTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26545 | WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26546 | WordPress Cookies Pro plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26547 | WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability | | |
CVE-2025-26548 | WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability | | |
CVE-2025-26549 | WordPress WP Html Page Sitemap plugin <= 2.2 - CSRF to Stored Cross-Site Scripting | | |
CVE-2025-26550 | WordPress Global Meta Keyword & Description plugin <= 2.3 - CSRF to Cross-Site Scripting vulnerability | | |
CVE-2025-26551 | WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability | | |
CVE-2025-26552 | WordPress Naver Syndication V2 plugin <= 0.8.3 - CSRF to Stored Cross-Site Scripting vulnerability | | |
CVE-2025-26553 | WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting | | |
CVE-2025-26554 | WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26555 | WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26556 | WordPress WP AntiDDOS Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26557 | WordPress ViperBar Plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26558 | WordPress Aparat Responsive plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26559 | WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26560 | WordPress WP Contact Form III Plugin <= 1.6.2d - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26561 | WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26562 | WordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26563 | WordPress Rocket Mobile Plugin <= 0.4.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26564 | WordPress GNUCommerce Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26565 | WordPress GNUPress Plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26566 | WordPress In Stock Mailer for WooCommerce Plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26567 | WordPress Font Awesome WP plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26568 | WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26569 | WordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26570 | WordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26571 | WordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26572 | WordPress WP PHPList Plugin <= 1.7 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26573 | WordPress Rizzi Guestbook plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26574 | WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26575 | WordPress Display Post Meta plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26576 | WordPress WP Simple Slideshow Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26577 | WordPress DX-auto-publish plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26578 | WordPress Simple Documentation plugin <= 1.2.8 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26579 | WordPress MicroPayments Paid Membership plugin <= 3.1.6 - Reflected Cross-Site Scripting vulnerability | | |
CVE-2025-26580 | WordPress Page/Post Specific Social Share Buttons plugin <= 2.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26581 | WordPress Picture Gallery plugin <= 1.6.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26582 | WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-26583 | WordPress Video Share VOD plugin <= 2.7.2 - Reflected Cross-Site Scripting vulnerability | | |
CVE-2025-26584 | WordPress TBTestimonials Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26585 | WordPress DL Leadback Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26586 | WordPress Events Planner Plugin <= 1.3.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26587 | WordPress sidebarTabs Plugin <= 3.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26588 | WordPress TTT Crop Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26589 | WordPress IE CSS3 Support Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26590 | WordPress Complete Google Seo Scan <= 3.5.1 - SQL Injection Vulnerability | | |
CVE-2025-26591 | WordPress WP fancybox plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-26592 | WordPress Inset <= 1.18.0 - Local File Inclusion Vulnerability | | |
CVE-2025-26593 | WordPress FastBook <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-26594 | X.org: xwayland: use-after-free of the root cursor | M | |
CVE-2025-26595 | Xorg: xwayland: buffer overflow in xkbvmodmasktext() | M | |
CVE-2025-26596 | Xorg: xwayland: heap overflow in xkbwritekeysyms() | M | |
CVE-2025-26597 | Xorg: xwayland: buffer overflow in xkbchangetypesofkey() | M | |
CVE-2025-26598 | Xorg: xwayland: out-of-bounds write in createpointerbarrierclient() | M | |
CVE-2025-26599 | Xorg: xwayland: use of uninitialized pointer in compredirectwindow() | M | |
CVE-2025-26600 | Xorg: xwayland: use-after-free in playreleasedevents() | M | |
CVE-2025-26601 | Xorg: xwayland: use-after-free in syncinittrigger() | M | |
CVE-2025-26603 | heap-use-after-free in function str_to_reg in vim/vim | | |
CVE-2025-26604 | Possibility to retrieve bot token by malicious module developers in Discord-Bot-Framework-Kernel | | |
CVE-2025-26605 | SQL Injection endpoint 'deletar_cargo.php' parameter 'id_cargo' in WeGIA | E | |
CVE-2025-26606 | SQL Injection endpoint 'informacao_adicional.php' parameter 'id_descricao' in WeGIA | E | |
CVE-2025-26607 | SQL Injection endpoint 'documento_excluir.php' parameter 'id_funcionario' in WeGIA | E | |
CVE-2025-26608 | SQL Injection endpoint 'dependente_docdependente.php' parameter 'id_dependente', 'id_doc' in WeGIA | E | |
CVE-2025-26609 | SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA | E | |
CVE-2025-26610 | SQL Injection endpoint 'restaurar_produto_desocultar.php' parameter 'id_produto' in WeGIA | E | |
CVE-2025-26611 | SQL Injection endpoint 'remover_produto.php' parameter 'id_produto' in WeGIA | E | |
CVE-2025-26612 | SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA | E | |
CVE-2025-26613 | OS Command Injection endpoint 'gerenciar_backup.php' parameter 'file' (RCE) in WeGIA | E | |
CVE-2025-26614 | SQL Injection endpoint 'deletar_documento.php' parameter 'id_cargo' in WeGIA | E | |
CVE-2025-26615 | Path Traversal endpoint 'examples.php' parameter 'src' in WeGIA | E | |
CVE-2025-26616 | Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA | E | |
CVE-2025-26617 | SQL Injection endpoint 'historico_paciente.php' parameter 'id_fichamedica' in WeGIA | E | |
CVE-2025-26618 | SSH SFTP packet size not verified properly in Erlang OTP | | |
CVE-2025-26619 | Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter` | E S | |
CVE-2025-26620 | Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens | | |
CVE-2025-26621 | OpenCTI vulnerable to Denial of Service through web hook | | |
CVE-2025-26622 | sqrt doesn't define rounding behavior in Vyper | S | |
CVE-2025-26623 | Use After Free in Exiv2 | | |
CVE-2025-26624 | Local Privilege Escalation in Rufus 4.6 and previous versions | | |
CVE-2025-26626 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting | | |
CVE-2025-26627 | Azure Arc Installer Elevation of Privilege Vulnerability | | |
CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | | |
CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability | | |
CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | | |
CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | KEV E | |
CVE-2025-26634 | Windows Core Messaging Elevation of Privileges Vulnerability | | |
CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | | |
CVE-2025-26636 | Windows Kernel Information Disclosure Vulnerability | | |
CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability | | |
CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability | | |
CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | | |
CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-26643 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2025-26644 | Windows Hello Spoofing Vulnerability | | |
CVE-2025-26645 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | | |
CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability | | |
CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability | | |
CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | | |
CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
CVE-2025-26653 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | | |
CVE-2025-26654 | Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud) | | |
CVE-2025-26655 | Missing Authorization check in SAP JIT(Outbound) | | |
CVE-2025-26656 | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) | | |
CVE-2025-26657 | Information Disclosure vulnerability in SAP KMC WPC | | |
CVE-2025-26658 | Broken Authentication in SAP Business One (Service Layer) | | |
CVE-2025-26659 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | | |
CVE-2025-26660 | Broken Access Control in SAP Fiori apps (Posting Library) | | |
CVE-2025-26661 | Missing Authorization check in SAP NetWeaver (ABAP Class Builder) | | |
CVE-2025-26662 | Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console | | |
CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | | |
CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability | | |
CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | | |
CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | | |
CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-26677 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | | |
CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability | | |
CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | | |
CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability | | |
CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | | |
CVE-2025-26683 | Azure Playwright Elevation of Privilege Vulnerability | | |
CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability | | |
CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability | | |
CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | | |
CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability | | |
CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | | |
CVE-2025-26689 | Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. ... | | |
CVE-2025-26691 | telephony_call_manager has an improper preservation of permissions vulnerability | | |
CVE-2025-26692 | Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restr... | | |
CVE-2025-26693 | security_access_token has an improper preservation of permissions vulnerability | | |
CVE-2025-26695 | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network o... | | |
CVE-2025-26696 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which inst... | | |
CVE-2025-26698 | Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If... | | |
CVE-2025-26699 | An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The dj... | | |
CVE-2025-26700 | Authentication bypass using an alternate path or channel issue exists in "RoboForm Password Manager"... | | |
CVE-2025-26701 | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account ... | | |
CVE-2025-26702 | Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation. This issue af... | | |
CVE-2025-26703 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue a... | | |
CVE-2025-26704 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue a... | | |
CVE-2025-26705 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue a... | | |
CVE-2025-26706 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue a... | | |
CVE-2025-26707 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue a... | | |
CVE-2025-26708 | ZTELink has a configuration defect vulnerability | | |
CVE-2025-26730 | WordPress Macro Calculator with Admin Email Optin & Data plugin <= 1.0 - Multiple Vulnerabilities vulnerability | | |
CVE-2025-26731 | WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26732 | WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26733 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability | | |
CVE-2025-26734 | WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26735 | WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability | | |
CVE-2025-26736 | WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26737 | WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26738 | WordPress Quick Interest Slider plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26739 | WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26740 | WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26741 | WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability | S | |
CVE-2025-26742 | WordPress Gallery for Social Photo plugin <= 1.0.0.35 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26743 | WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26744 | WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26745 | WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26746 | WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26747 | WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26748 | WordPress Arkhe theme <= 3.11.0 - CSRF to Local File Inclusion vulnerability | | |
CVE-2025-26749 | WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26750 | WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability | S | |
CVE-2025-26751 | WordPress Alphabetic Pagination Plugin <= 3.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26752 | WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Deletion vulnerability | S | |
CVE-2025-26753 | WordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Download vulnerability | S | |
CVE-2025-26754 | WordPress Timeline Block plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26755 | WordPress WP Airbnb Review Slider Plugin <= 3.9 - SQL Injection vulnerability | S | |
CVE-2025-26756 | WordPress Magic the Gathering Card Tooltips plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26757 | WordPress FULL – Cliente plugin <= 3.1.26 - Local File Inclusion vulnerability | S | |
CVE-2025-26758 | WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-26759 | WordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-26760 | WordPress Calculator Builder plugin <= 1.6.2 - Local File Inclusion vulnerability | S | |
CVE-2025-26761 | WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26762 | WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26763 | WordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerability | S | |
CVE-2025-26764 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability | S | |
CVE-2025-26765 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability | S | |
CVE-2025-26766 | WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26767 | WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26768 | WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-26769 | WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26770 | WordPress Waymark plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26771 | WordPress SKT Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26772 | WordPress DethemeKit For Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26773 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability | S | |
CVE-2025-26774 | WordPress Responsive Modal Builder for High Conversion – Easy Popups plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26775 | WordPress BEAR Plugin <= 1.1.4.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26776 | WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability | S | |
CVE-2025-26778 | WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26779 | WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability | S | |
CVE-2025-26780 | An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The ... | | |
CVE-2025-26783 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 210... | | |
CVE-2025-26784 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980... | | |
CVE-2025-26785 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980... | | |
CVE-2025-26788 | StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverab... | | |
CVE-2025-26789 | An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access co... | | |
CVE-2025-26791 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mu... | E | |
CVE-2025-26793 | The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 20... | | |
CVE-2025-26794 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL inject... | | |
CVE-2025-26795 | Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver | | |
CVE-2025-26796 | Apache Oozie: XSS in Oozie Web Console | | |
CVE-2025-26803 | The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service ... | S | |
CVE-2025-26816 | A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic pote... | | |
CVE-2025-26817 | Netwrix Password Secure 9.2.0.32454 allows OS command injection.... | | |
CVE-2025-26818 | Netwrix Password Secure through 9.2 allows command injection.... | | |
CVE-2025-26819 | Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.... | | |
CVE-2025-26841 | Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to exe... | | |
CVE-2025-26842 | An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S... | | |
CVE-2025-26844 | An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.... | | |
CVE-2025-26845 | An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the confi... | | |
CVE-2025-26846 | An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the G... | | |
CVE-2025-26847 | An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords a... | | |
CVE-2025-26849 | There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions.... | E | |
CVE-2025-26850 | The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 ... | | |
CVE-2025-26852 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.... | | |
CVE-2025-26853 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.... | | |
CVE-2025-26856 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2025-26857 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-26864 | Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication | | |
CVE-2025-26865 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE | S | |
CVE-2025-26867 | WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability | | |
CVE-2025-26868 | WordPress Fast Flow plugin <= 1.2.16 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26869 | WordPress Build theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26870 | WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26871 | WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability | S | |
CVE-2025-26872 | WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability | | |
CVE-2025-26873 | WordPress Traveler theme < 3.2.1 - PHP Object Injection vulnerability | S | |
CVE-2025-26874 | WordPress MemberSpace plugin <= 2.1.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26875 | WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulnerability | S | |
CVE-2025-26876 | WordPress Search with Typesense Plugin <= 2.0.8 - Path Traversal vulnerability | S | |
CVE-2025-26877 | WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26878 | WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26879 | WordPress s2Member Plugin <= 241216 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26880 | WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26881 | WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26882 | WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26883 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability | S | |
CVE-2025-26884 | WordPress Greenshift plugin <= 10.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26885 | WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability | S | |
CVE-2025-26886 | WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability | S | |
CVE-2025-26887 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26888 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability | S | |
CVE-2025-26889 | WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability | | |
CVE-2025-26890 | WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability | S | |
CVE-2025-26891 | WordPress Ibtana – WordPress Website Builder plugin <= 1.2.4.9 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26892 | WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability | | |
CVE-2025-26893 | WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26894 | WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability | | |
CVE-2025-26895 | WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26896 | WordPress PiwigoPress plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26897 | WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26898 | WordPress Traveler theme <= 3.1.8 - SQL Injection vulnerability | | |
CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability | S | |
CVE-2025-26900 | WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability | S | |
CVE-2025-26901 | WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability | | |
CVE-2025-26902 | WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-26903 | WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-26904 | WordPress WP Responsive Auto Fit Text plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26905 | WordPress Estatik plugin <= 4.1.9 - Local File Inclusion vulnerability | | |
CVE-2025-26906 | WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26907 | WordPress Estatik Mortgage Calculator plugin <= 2.0.12 - Local File Inclusion vulnerability | | |
CVE-2025-26908 | WordPress Kargo Entegratör plugin <= 1.1.14 - SQL Injection vulnerability | S | |
CVE-2025-26909 | WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability | S | |
CVE-2025-26910 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-26911 | WordPress System Dashboard plugin <= 2.8.18 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-26912 | WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26913 | WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26914 | WordPress Variable Inspector plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26915 | WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability | S | |
CVE-2025-26916 | WordPress Massive Dynamic theme <= 8.2 - Unauthenticated Local File Inclusion vulnerability | | |
CVE-2025-26917 | WordPress WP Templata plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26918 | WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26919 | WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26920 | WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability | | |
CVE-2025-26921 | WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability | S | |
CVE-2025-26922 | WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26923 | WordPress Event post plugin <= 5.9.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26924 | WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability | | |
CVE-2025-26925 | WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-26926 | WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-26927 | WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability | | |
CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | S | |
CVE-2025-26929 | WordPress Accounting for WooCommerce plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26930 | WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26931 | WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-26932 | WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability | S | |
CVE-2025-26933 | WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability | S | |
CVE-2025-26934 | WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26935 | WordPress WP Job Portal plugin <= 2.2.8 - Local File Inclusion vulnerability | S | |
CVE-2025-26936 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability | | |
CVE-2025-26937 | WordPress Icon List Block plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26938 | WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26939 | WordPress Counters Block plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26940 | WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vulnerability | S | |
CVE-2025-26941 | WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability | S | |
CVE-2025-26942 | WordPress JetTricks <= 1.5.1 - Broken Access Control Vulnerability | S | |
CVE-2025-26943 | WordPress Easy Quotes plugin <= 1.2.2 - SQL Injection vulnerability | S | |
CVE-2025-26944 | WordPress JetPopup <= 2.0.11 - Broken Access Control Vulnerability | S | |
CVE-2025-26945 | WordPress Info Cards plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26946 | WordPress WP Yelp Review Slider Plugin <= 8.1 - SQL Injection vulnerability | S | |
CVE-2025-26947 | WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26948 | WordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerability | S | |
CVE-2025-26949 | WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26950 | WordPress Nepali Date Converter plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26951 | WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26952 | WordPress Business Card Block plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26953 | WordPress JetMenu <= 2.4.9 - Broken Access Control Vulnerability | S | |
CVE-2025-26954 | WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26955 | WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability | | |
CVE-2025-26956 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability | | |
CVE-2025-26957 | WordPress Affiliate Coupons plugin <= 1.7.3 - Local File Inclusion vulnerability | S | |
CVE-2025-26958 | WordPress JetBlog <= 2.4.3 - Broken Access Control Vulnerability | S | |
CVE-2025-26959 | WordPress Administrator Z <= 2025.03.24 - Privilege Escalation Vulnerability | S | |
CVE-2025-26960 | WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Broken Access Control vulnerability | S | |
CVE-2025-26961 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability | | |
CVE-2025-26962 | WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26963 | WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-26964 | WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability | S | |
CVE-2025-26965 | WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2025-26966 | WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability | | |
CVE-2025-26967 | WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability | S | |
CVE-2025-26968 | WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability | S | |
CVE-2025-26969 | WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability | | |
CVE-2025-26970 | WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability | S | |
CVE-2025-26971 | WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability | S | |
CVE-2025-26972 | WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26973 | WordPress Social Warfare Plugin <= 4.5.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26974 | WordPress WP Multi Store Locator plugin <= 2.5.1 - SQL Injection vulnerability | S | |
CVE-2025-26975 | WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability | S | |
CVE-2025-26976 | WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability | | |
CVE-2025-26977 | WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2025-26978 | WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability | | |
CVE-2025-26979 | WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability | S | |
CVE-2025-26980 | WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26981 | WordPress Web Accessibility By accessiBe plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26982 | WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability | S | |
CVE-2025-26984 | WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26985 | WordPress Majestic Support plugin <= 1.0.6 - Local File Inclusion vulnerability | S | |
CVE-2025-26986 | WordPress Pearl Theme < 3.4.8 - Local File Inclusion vulnerability | S | |
CVE-2025-26987 | WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26988 | WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability | S | |
CVE-2025-26989 | WordPress Zigaform – Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26990 | WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2025-26991 | WordPress WPPizza plugin <= 3.19.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26992 | WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26993 | WordPress Visual Website Collaboration Atarim plugin <= 4.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26994 | WordPress Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26995 | WordPress Market Exporter plugin <= 2.0.21 - Broken Access Control vulnerability | S | |
CVE-2025-26996 | WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability | S | |
CVE-2025-26997 | WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-26998 | WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-26999 | WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability | S | |