CVE-2025-30xxx

There are 751 CVEs in this subgroup.
Last updated: 
ID Summary Flags Max Score
CVE-2025-30000 A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affec...
CVE-2025-30002 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec...
CVE-2025-30003 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec...
CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
CVE-2025-30009 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30010 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30011 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30012 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30013 Code Injection vulnerability in SAP ERP BW Business Content
CVE-2025-30014 Directory Traversal vulnerability in SAP Capital Yield Tax Management
CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
CVE-2025-30016 Authentication Bypass Vulnerability in SAP Financial Consolidation
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
CVE-2025-30018 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30022 CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the...
E
CVE-2025-30023 The communication protocol used between client and server had a flaw that could lead to an authentic...
CVE-2025-30024 The communication protocol used between client and server had a flaw that could be leveraged to exec...
CVE-2025-30025 The communication protocol used between the server process and the service control had a flaw that c...
CVE-2025-30026 The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally req...
CVE-2025-30030 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec...
CVE-2025-30031 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec...
CVE-2025-30032 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec...
CVE-2025-30065 Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
E
CVE-2025-30066 tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions lo...
KEV E M
CVE-2025-30067 Apache Kylin: The remote code execution via jdbc url
CVE-2025-30072 Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical...
CVE-2025-30073 An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transa...
CVE-2025-30074 Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows pr...
CVE-2025-30076 Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the too...
E
CVE-2025-30077 Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn...
E
CVE-2025-30080 Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows r...
CVE-2025-30084 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla
CVE-2025-30085 Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla
CVE-2025-30087 Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection...
CVE-2025-30089 gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences....
E
CVE-2025-30090 mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS...
CVE-2025-30091 In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. Thi...
CVE-2025-30092 Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts....
CVE-2025-30093 HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24....
CVE-2025-30095 VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with ...
CVE-2025-30100 Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vul...
CVE-2025-30101 Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTO...
CVE-2025-30102 Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerabil...
CVE-2025-30106 On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be cha...
CVE-2025-30107 On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery c...
CVE-2025-30109 In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobi...
CVE-2025-30110 On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pa...
CVE-2025-30111 On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam expo...
CVE-2025-30112 On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API ...
CVE-2025-30113 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exi...
CVE-2025-30114 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairi...
CVE-2025-30115 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Canno...
CVE-2025-30116 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video...
CVE-2025-30117 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obt...
CVE-2025-30118 An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial...
CVE-2025-30122 An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot b...
CVE-2025-30123 An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP c...
CVE-2025-30131 An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be...
CVE-2025-30132 An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an...
CVE-2025-30137 An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in APK for ports...
CVE-2025-30138 An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive ...
CVE-2025-30139 An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be cha...
CVE-2025-30140 An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Inter...
CVE-2025-30141 An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and th...
CVE-2025-30142 An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It ...
CVE-2025-30143 Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 do...
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims
CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process
CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve
CVE-2025-30148 Silverstripe Framework has a XSS vulnerability in HTML editor
CVE-2025-30149 OpenEMR Reflected XSS in AJAX Script
E S
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
CVE-2025-30151 Shopware allows Denial Of Service via password length
CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period
KEV E S
CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API
CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies
E S
CVE-2025-30158 NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service
E S
CVE-2025-30159 Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
CVE-2025-30160 Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
CVE-2025-30161 OpenEMR Stored XSS in OpenEMR Bronchitis Form
E
CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
CVE-2025-30163 Node based network policies may incorrectly allow workload traffic
CVE-2025-30164 Icinga Web 2 has open redirect on login page
CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection
CVE-2025-30167 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-30168 Parse Server has an OAuth login vulnerability
CVE-2025-30169 Admin Authorized File Upload and Execute PHP
CVE-2025-30170 Admin Authorized Exposure of file path, file size or file existence
CVE-2025-30171 Admin Authorized System File Deletion
CVE-2025-30172 Admin Authorized Remote Code Execution
CVE-2025-30173 Admin Authorized File Upload
CVE-2025-30174 A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al...
CVE-2025-30175 A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al...
CVE-2025-30176 A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al...
CVE-2025-30177 Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering
CVE-2025-30179 MFA Enforcement Bypass in Search APIs
S
CVE-2025-30183 CyberData 011209 SIP Emergency Intercom Insufficiently Protected Credentials
S
CVE-2025-30184 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel
S
CVE-2025-30193 Denial of service via crafted TCP exchange
CVE-2025-30194 Denial of service via crafted DoH exchange
CVE-2025-30195 A crafted zone can lead to an illegal memory access in the PowerDNS Recursor
CVE-2025-30196 Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace co...
CVE-2025-30197 Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form...
CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment
E S
CVE-2025-30203 Tuleap allows XSS via the content of RSS feeds in the RSS widgets
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution
CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server
CVE-2025-30208 Vite bypasses server.fs.deny when using `?raw??`
CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin
CVE-2025-30210 Bruno XSS On Environment Name
CVE-2025-30211 KEX init error results with excessive memory usage
CVE-2025-30212 Frappe has possibility of SQL injection due to improper validations
CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation
CVE-2025-30214 Frappe vulnerable to information disclosure leading to account takeover
CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
CVE-2025-30216 CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length
E S
CVE-2025-30217 Frappe has possibility of SQL injection due to improper validations
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI
CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling
CVE-2025-30221 Pitchfork HTTP Request/Response Splitting vulnerability
CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD
E
CVE-2025-30223 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
CVE-2025-30224 MyDumper arbitrary file read issue
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
CVE-2025-30232 A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalat...
CVE-2025-30234 SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-...
CVE-2025-30235 Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had...
CVE-2025-30236 Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digi...
CVE-2025-30254 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
S
CVE-2025-30257 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
S
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th...
CVE-2025-30259 The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defea...
CVE-2025-30279 File Station 5
S
CVE-2025-30280 A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime ...
CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)
CVE-2025-30282 ColdFusion | Improper Authentication (CWE-287)
CVE-2025-30284 ColdFusion | Deserialization of Untrusted Data (CWE-502)
CVE-2025-30285 ColdFusion | Deserialization of Untrusted Data (CWE-502)
CVE-2025-30286 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
CVE-2025-30287 ColdFusion | Improper Authentication (CWE-287)
CVE-2025-30288 ColdFusion | Improper Access Control (CWE-284)
CVE-2025-30289 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
CVE-2025-30290 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
CVE-2025-30291 ColdFusion | Information Exposure (CWE-200)
CVE-2025-30292 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2025-30293 ColdFusion | Improper Input Validation (CWE-20)
CVE-2025-30294 ColdFusion | Improper Input Validation (CWE-20)
CVE-2025-30295 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-30296 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-30297 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-30298 Adobe Framemaker | Stack-based Buffer Overflow (CWE-121)
CVE-2025-30299 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-30300 Adobe Framemaker | NULL Pointer Dereference (CWE-476)
CVE-2025-30301 Adobe Framemaker | NULL Pointer Dereference (CWE-476)
CVE-2025-30302 Adobe Framemaker | Out-of-bounds Read (CWE-125)
CVE-2025-30303 Adobe Framemaker | Out-of-bounds Read (CWE-125)
CVE-2025-30304 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-30305 XMPWorker | Out-of-bounds Read (CWE-125)
CVE-2025-30306 XMPWorker | Out-of-bounds Read (CWE-125)
CVE-2025-30307 XMPWorker | Out-of-bounds Read (CWE-125)
CVE-2025-30308 XMPWorker | Out-of-bounds Read (CWE-125)
CVE-2025-30309 XMPWorker | Out-of-bounds Read (CWE-125)
CVE-2025-30310 Dreamweaver Desktop | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
CVE-2025-30312 Dimension | Out-of-bounds Write (CWE-787)
CVE-2025-30313 Illustrator | Out-of-bounds Read (CWE-125)
CVE-2025-30314 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-30315 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-30316 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-30317 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
CVE-2025-30318 InDesign Desktop | Out-of-bounds Write (CWE-787)
CVE-2025-30319 InDesign Desktop | NULL Pointer Dereference (CWE-476)
CVE-2025-30320 InDesign Desktop | NULL Pointer Dereference (CWE-476)
CVE-2025-30321 InDesign Desktop | NULL Pointer Dereference (CWE-476)
CVE-2025-30322 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2025-30324 Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-30325 Photoshop Desktop | Integer Overflow or Wraparound (CWE-190)
CVE-2025-30326 Photoshop Desktop | Access of Uninitialized Pointer (CWE-824)
CVE-2025-30327 InCopy | Integer Overflow or Wraparound (CWE-190)
CVE-2025-30328 Animate | Out-of-bounds Write (CWE-787)
CVE-2025-30329 Animate | NULL Pointer Dereference (CWE-476)
CVE-2025-30330 Illustrator | Heap-based Buffer Overflow (CWE-122)
CVE-2025-30334 OpenBSD wg(4) kernel crash
CVE-2025-30342 An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderat...
E
CVE-2025-30343 A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to Open...
E
CVE-2025-30344 An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint...
E
CVE-2025-30345 An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.creat...
E
CVE-2025-30346 Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP...
CVE-2025-30347 Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an o...
M
CVE-2025-30348 encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline r...
S
CVE-2025-30349 Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that l...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
CVE-2025-30351 Suspended Directus user can continue to use session token to access API
E
CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields
E
CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data
E
CVE-2025-30354 Bruno ignores Safe-Mode in Asserts expressions
CVE-2025-30355 Synapse vulnerable to federation denial of service via malformed events
CVE-2025-30356 Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity`
E S
CVE-2025-30357 NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
E S
CVE-2025-30358 Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site
CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation
E
CVE-2025-30362 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id
E
CVE-2025-30363 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo
E
CVE-2025-30364 WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario
E
CVE-2025-30365 SQL Injection in query_geracao_auto.php
E
CVE-2025-30366 WeGIA vulnerable to Stored XSS in personalizacao.php
E
CVE-2025-30367 WeGIA SQL Injection Vulnerability in nextPage Parameter on control.php Endpoint
E
CVE-2025-30368 Zulip allows the deletion of organization by administrators of a different organization
CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
E
CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
CVE-2025-30372 Emlog Pro contains an SQL injection vulnerability.
E
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability
CVE-2025-30390 Azure ML Compute Elevation of Privilege Vulnerability
CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability
CVE-2025-30392 Azure AI bot Elevation of Privilege Vulnerability
CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
KEV E M
CVE-2025-30399 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
KEV
CVE-2025-30401 A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according t...
CVE-2025-30402 A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to c...
CVE-2025-30403 A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a Q...
CVE-2025-30406 Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vuln...
KEV S
CVE-2025-30407 Local privilege escalation due to a binary hijacking vulnerability. The following products are affec...
CVE-2025-30408 Local privilege escalation due to insecure folder permissions. The following products are affected: ...
CVE-2025-30409 Denial of service due to allocation of resources without limits. The following products are affected...
CVE-2025-30415 Denial of service due to improper handling of malformed input. The following products are affected: ...
CVE-2025-30417 Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite
CVE-2025-30418 Out of Bounds Write in CheckPins() in NI Circuit Design Suite
CVE-2025-30419 Out of Bounds Read in GetSymbolBorderRectSize() in NI Circuit Design Suite
CVE-2025-30420 Out of Bounds Read in Bitmap::InternalDraw() in NI Circuit Design Suite
CVE-2025-30421 Stack-based Buffer Overflow in DrObjectStorage::XML_Serialize() in NI Circuit Design Suite
CVE-2025-30422 A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio...
CVE-2025-30424 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13....
CVE-2025-30425 This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari...
CVE-2025-30426 This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tv...
CVE-2025-30427 A use-after-free issue was addressed with improved memory management. This issue is fixed in visionO...
CVE-2025-30428 This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad...
CVE-2025-30429 A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, m...
CVE-2025-30430 This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS...
CVE-2025-30432 A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, mac...
CVE-2025-30433 This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, mac...
CVE-2025-30434 The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS...
CVE-2025-30435 This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma...
CVE-2025-30436 This issue was addressed by restricting options offered on a locked device. This issue is fixed in i...
CVE-2025-30437 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An a...
CVE-2025-30438 This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, mac...
CVE-2025-30439 The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPad...
CVE-2025-30440 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Seq...
CVE-2025-30441 This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An ap...
CVE-2025-30442 The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4,...
CVE-2025-30443 A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura ...
CVE-2025-30444 A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, m...
CVE-2025-30445 A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4...
CVE-2025-30446 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura...
CVE-2025-30447 The issue was resolved by sanitizing logging. This issue is fixed in visionOS 2.4, macOS Ventura 13.7...
CVE-2025-30448 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14....
CVE-2025-30449 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura...
CVE-2025-30450 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ...
CVE-2025-30451 This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma...
CVE-2025-30452 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Seq...
CVE-2025-30453 The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15....
CVE-2025-30454 A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14...
CVE-2025-30455 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonom...
CVE-2025-30456 A parsing issue in the handling of directory paths was addressed with improved path validation. This...
CVE-2025-30457 This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ...
CVE-2025-30458 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia...
CVE-2025-30460 A permissions issue was addressed by removing vulnerable code and adding additional checks. This iss...
CVE-2025-30461 An access issue was addressed with additional sandbox restrictions on the system pasteboards. This i...
CVE-2025-30462 A library injection issue was addressed with additional restrictions. This issue is fixed in macOS V...
CVE-2025-30463 The issue was addressed with improved restriction of data container access. This issue is fixed in i...
CVE-2025-30464 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac...
CVE-2025-30465 A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13....
CVE-2025-30466 This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS ...
CVE-2025-30467 The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadO...
CVE-2025-30469 This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad...
CVE-2025-30470 A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS ...
CVE-2025-30471 A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ven...
CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a st...
E
CVE-2025-30473 Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection
S
CVE-2025-30474 Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message
CVE-2025-30475 Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulne...
CVE-2025-30476 Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability....
CVE-2025-30485 UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR seri...
CVE-2025-30507 CyberData 011209 SIP Emergency Intercom SQL Injection
S
CVE-2025-30510 Growatt Cloud portal Insufficient Type Distinction
S
CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting
S
CVE-2025-30512 Growatt Cloud portal External Control of System or Configuration Setting
S
CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
S
CVE-2025-30515 CyberData 011209 SIP Emergency Intercom Path Traversal
S
CVE-2025-30516 Unauthorized Notification Exposure in Mobile App Under Specific Conditions
S
CVE-2025-30520 WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30521 WordPress GP Back To Top plugin <= 3.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30522 WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-30523 WordPress Super Simple Subscriptions plugin <= 1.1.0 - SQL Injection vulnerability
CVE-2025-30524 WordPress Product Catalog plugin <= 1.0.4 - SQL Injection vulnerability
CVE-2025-30525 WordPress WP Profitshare plugin <= 1.4.9 - SQL Injection vulnerability
CVE-2025-30526 WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30527 WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-30528 WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability
CVE-2025-30529 WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30530 WordPress AI Preloader plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30531 WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30532 WordPress Weather Layer plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30533 WordPress Message ticker plugin <= 9.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30534 WordPress Image Captcha plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30535 WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30536 WordPress Beautiful Link Preview plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30537 WordPress Upload Quota per User <= 1.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30538 WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30539 WordPress BMo Expo plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30540 WordPress AvaiBook plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30542 WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30543 WordPress Menu Duplicator plugin <= 1.0 - Broken Access Control vulnerability
CVE-2025-30544 WordPress OK Poster Group plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30545 WordPress issuuPress plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30546 WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30547 WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30548 WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30549 WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30550 WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-30551 WordPress Pretty file links plugin <= 0.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30552 WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability
CVE-2025-30553 WordPress GMO Font Agent plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30554 WordPress Frizzly plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30555 WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
CVE-2025-30556 WordPress Fix Rss Feeds plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30557 WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30558 WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability
CVE-2025-30559 WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30560 WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability
CVE-2025-30561 WordPress CAS Maestro plugin <= 1.1.3 - CSRF to Stored XSS vulnerability
CVE-2025-30562 WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability
CVE-2025-30563 WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30564 WordPress Custom Script Integration <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30565 WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability
CVE-2025-30566 WordPress Clink <= 1.2.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30567 WordPress WP01 <= 2.6.2 - Arbitrary File Download Vulnerability
CVE-2025-30568 WordPress Super Static Cache <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30569 WordPress WP Featured Entries <= 1.0 - SQL Injection Vulnerability
CVE-2025-30570 WordPress دکمه، شبکه اجتماعی خرید <= 2.0.6 - SQL Injection Vulnerability
CVE-2025-30571 WordPress STEdb Forms <= 1.0.4 - SQL Injection Vulnerability
CVE-2025-30572 WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-30573 WordPress My Default Post Content <= 0.7.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30574 WordPress Mobile Navigation <= 1.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30575 WordPress Login Redirect <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30576 WordPress Hacklog Remote Image Autosave <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30577 WordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability
CVE-2025-30578 WordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability
CVE-2025-30579 WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30580 WordPress DigiWidgets Image Editor <= 1.10 - Remote Code Execution (RCE) Vulnerability
CVE-2025-30581 WordPress Top Bar <= 3.3 - Broken Access Control Vulnerability
CVE-2025-30582 WordPress DyaPress ERP/CRM <= 18.0.2.0 - Local File Inclusion Vulnerability
CVE-2025-30583 WordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS Vulnerability
CVE-2025-30584 WordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS Vulnerability
CVE-2025-30585 WordPress Generate Post Thumbnails <= 0.8 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30586 WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability
CVE-2025-30587 WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability
CVE-2025-30588 WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability
CVE-2025-30589 WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability
CVE-2025-30590 WordPress Flickr set slideshows <= 0.9 - SQL Injection Vulnerability
CVE-2025-30591 WordPress Music Press Pro <= 1.4.6 - Broken Access Control Vulnerability
CVE-2025-30592 WordPress Advanced Dewplayer <= 1.6 - Broken Access Control Vulnerability
CVE-2025-30593 WordPress Include URL <= 0.3.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30594 WordPress Include URL <= 0.3.5 - Arbitrary File Download Vulnerability
CVE-2025-30595 WordPress include-file <= 1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30596 WordPress include-file <= 1 - Arbitrary File Download Vulnerability
CVE-2025-30597 WordPress IG Shortcodes <= 3.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30598 WordPress OSS Upload <= 4.8.9 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30599 WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30600 WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30601 WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30602 WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability
CVE-2025-30603 WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-30604 WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability
CVE-2025-30605 WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability
CVE-2025-30606 WordPress Easy Page Transition plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30607 WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30608 WordPress WordPress SQL Backup <= 3.5.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30609 WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps <= 1.4.3 - Sensitive Data Exposure Vulnerability
CVE-2025-30610 WordPress WP Social Widget <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30611 WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30612 WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-30613 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30614 WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30615 WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability
CVE-2025-30616 WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30617 WordPress Rewrite <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability
S
CVE-2025-30619 WordPress SpeakPipe <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30620 WordPress WP Odoo Form Integrator plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
CVE-2025-30621 WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability
CVE-2025-30622 WordPress PostMash <= 1.0.3 - SQL Injection Vulnerability
CVE-2025-30623 WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30624 WordPress WordLift <= 3.54.4 - Broken Access Control Vulnerability
CVE-2025-30625 WordPress AppBanners <= 1.5.14 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30627 WordPress Elegant Visitor Counter <= 3.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30629 WordPress Bitly URL Shortener <= 1.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30630 WordPress Global Translator <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30632 WordPress Global Translator <= 2.0.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30634 WordPress WP Featured Content Slider <= 2.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30636 WordPress Accessibility Suite <= 4.19 - Broken Access Control Vulnerability
CVE-2025-30637 WordPress Booking Ultra Pro <= 1.1.20 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30638 WordPress Powie's Uptime Robot <= 0.9.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30640 A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker...
CVE-2025-30641 A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20....
CVE-2025-30642 A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker...
CVE-2025-30644 Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled
S
CVE-2025-30645 Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash
S
CVE-2025-30646 Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash
S
CVE-2025-30647 Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak
S
CVE-2025-30648 Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash
S
CVE-2025-30649 Junos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.
S
CVE-2025-30651 Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash
S
CVE-2025-30652 Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash
S
CVE-2025-30653 Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash
S
CVE-2025-30654 Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information
S
CVE-2025-30655 Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled
S
CVE-2025-30656 Junos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG will lead to an FPC crash
S
CVE-2025-30657 Junos OS: Processing of a specific BGP update causes the SRRD process to crash
S
CVE-2025-30658 Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop
S
CVE-2025-30659 Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic
S
CVE-2025-30660 Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset
S
CVE-2025-30661 Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation
S
CVE-2025-30663 Zoom Workplace Apps - Time-of-check Time-of-use
CVE-2025-30664 Zoom Workplace Apps - Improper Neutralization of Special Elements
CVE-2025-30665 Zoom Workplace Apps for Windows - NULL Pointer Dereference
CVE-2025-30666 Zoom Workplace Apps for Windows - NULL Pointer Dereference
CVE-2025-30667 Zoom Workplace Apps - NULL Pointer Dereference
CVE-2025-30668 Zoom Workplace Apps - NULL Pointer Dereference
CVE-2025-30670 Zoom Workplace Apps for Windows - Null Pointer
CVE-2025-30671 Zoom Workplace Apps for Windows - Null Pointer
CVE-2025-30672 Mite for Perl generates code with an untrusted search path vulnerability
S
CVE-2025-30673 Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory
S
CVE-2025-30675 Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins
CVE-2025-30676 Apache OFBiz: Stored XSS Vulnerability
S
CVE-2025-30677 Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors
CVE-2025-30678 A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM ...
CVE-2025-30679 A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE ...
CVE-2025-30680 A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an...
CVE-2025-30681 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
S
CVE-2025-30682 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2025-30683 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
S
CVE-2025-30684 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
S
CVE-2025-30685 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
S
CVE-2025-30686 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (c...
S
CVE-2025-30687 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2025-30688 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2025-30689 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2025-30690 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The support...
S
CVE-2025-30691 Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Ora...
CVE-2025-30692 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachme...
S
CVE-2025-30693 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2025-30694 Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are ...
S
CVE-2025-30695 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2025-30696 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versio...
S
CVE-2025-30697 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Pane...
S
CVE-2025-30698 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ...
CVE-2025-30699 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Su...
S
CVE-2025-30700 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication m...
S
CVE-2025-30701 Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are ...
S
CVE-2025-30702 Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supp...
CVE-2025-30703 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2025-30704 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). ...
S
CVE-2025-30705 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versio...
CVE-2025-30706 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported v...
S
CVE-2025-30707 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). ...
S
CVE-2025-30708 Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search an...
CVE-2025-30709 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run...
S
CVE-2025-30710 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). ...
S
CVE-2025-30711 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: At...
S
CVE-2025-30712 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...
E S
CVE-2025-30713 Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSo...
S
CVE-2025-30714 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Suppor...
S
CVE-2025-30715 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). ...
S
CVE-2025-30716 Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM U...
S
CVE-2025-30717 Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagn...
CVE-2025-30718 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: At...
CVE-2025-30719 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...
CVE-2025-30720 Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Su...
CVE-2025-30721 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versi...
CVE-2025-30722 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported...
CVE-2025-30723 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Sup...
CVE-2025-30724 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Sup...
S
CVE-2025-30725 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...
S
CVE-2025-30726 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component...
S
CVE-2025-30727 Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module)...
CVE-2025-30728 Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supp...
S
CVE-2025-30729 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat...
CVE-2025-30730 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component...
CVE-2025-30731 Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (compon...
S
CVE-2025-30732 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component...
S
CVE-2025-30733 Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that ar...
S
CVE-2025-30735 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof...
S
CVE-2025-30736 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec...
S
CVE-2025-30737 Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart ...
CVE-2025-30740 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run...
S
CVE-2025-30741 Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediv...
CVE-2025-30742 httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certai...
CVE-2025-30763 WordPress EO4WP <= 1.0.8.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30764 WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
S
CVE-2025-30765 WordPress FlexStock <= 3.13.1 - SQL Injection Vulnerability
S
CVE-2025-30766 WordPress Happy Addons for Elementor <= 3.16.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability
S
CVE-2025-30768 WordPress jAlbum Bridge <= 2.0.18 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30769 WordPress WIP WooCarousel Lite plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
S
CVE-2025-30770 WordPress Charitable <= 1.8.4.7 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30771 WordPress WP Cassify <= 2.3.5 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
S
CVE-2025-30773 WordPress TranslatePress <= 2.9.6 - PHP Object Injection Vulnerability
S
CVE-2025-30774 WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability
S
CVE-2025-30775 WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability
S
CVE-2025-30776 WordPress Sitekit <= 1.8 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30777 WordPress Support Genix <= 1.4.11 - Insecure Direct Object References (IDOR) Vulnerability
S
CVE-2025-30778 WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30779 WordPress Doneren met Mollie <= 2.10.7 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30780 WordPress Audio Album <= 1.5.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30781 WordPress Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 - Open Redirection Vulnerability
S
CVE-2025-30782 WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability
S
CVE-2025-30783 WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability
S
CVE-2025-30784 WordPress WP Subscription Forms <= 1.2.3 - SQL Injection Vulnerability
S
CVE-2025-30785 WordPress Subscribe to Download Lite <= 1.2.9 - Local File Inclusion Vulnerability
S
CVE-2025-30786 WordPress Quotes llama <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30787 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability
S
CVE-2025-30788 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to SQL Injection vulnerability
S
CVE-2025-30789 WordPress Clearout Email Validator <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30790 WordPress Chatbox Manager <= 1.2.2 - Broken Access Control Vulnerability
S
CVE-2025-30791 WordPress Cart tracking for WooCommerce plugin <= 1.0.16 - SQL Injection Vulnerability
S
CVE-2025-30792 WordPress Comment Approved Notifier Extended plugin <= 5.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30793 WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability
S
CVE-2025-30794 WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30795 WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability
S
CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30797 WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability
S
CVE-2025-30798 WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30799 WordPress WP Google Street View plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30800 WordPress Gum Elementor Addon plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30801 WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30802 WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability
S
CVE-2025-30803 WordPress Just Writing Statistics plugin <= 5.3 - Broken Access Control vulnerability
S
CVE-2025-30804 WordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30805 WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30806 WordPress Vimeotheque plugin <= 2.3.4.2 - SQL Injection vulnerability
S
CVE-2025-30807 WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability
S
CVE-2025-30808 WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30809 WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerability
S
CVE-2025-30810 WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability
S
CVE-2025-30811 WordPress ValidateCertify plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30812 WordPress SKT Addons for Elementor plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30813 WordPress Listamester plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30814 WordPress The Post Grid plugin <= 7.7.17 - Local File Inclusion vulnerability
S
CVE-2025-30815 WordPress Hesabfa Accounting plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30816 WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
S
CVE-2025-30817 WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability
S
CVE-2025-30818 WordPress jAlbum Bridge plugin <= 2.0.17 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30819 WordPress Simple Giveaways plugin <= 2.48.1 - SQL Injection vulnerability
S
CVE-2025-30820 WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability
S
CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability
S
CVE-2025-30822 WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30823 WordPress Anthologize Plugin <= 0.8.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30824 WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability
S
CVE-2025-30825 WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability
S
CVE-2025-30826 WordPress IP Locator plugin <= 4.1.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30827 WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30828 WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability
S
CVE-2025-30829 WordPress WPCafe plugin <= 2.2.31 - Local File Inclusion vulnerability
S
CVE-2025-30830 WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability
S
CVE-2025-30831 WordPress Themify Event Post Plugin <= 1.3.2 - Local File Inclusion vulnerability
S
CVE-2025-30832 WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30833 WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30834 WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
S
CVE-2025-30835 WordPress Accounting for WooCommerce plugin <= 1.6.8 - Local File Inclusion vulnerability
S
CVE-2025-30836 WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30837 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30838 WordPress Cozy Blocks plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30839 WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability
S
CVE-2025-30840 WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30841 WordPress Countdown & Clock plugin <= 2.8.8 - Remote Code Execution (RCE) vulnerability
S
CVE-2025-30842 WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
S
CVE-2025-30844 WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30845 WordPress The Pack Elementor addons plugin <= 2.1.1 - Local File Inclusion vulnerability
S
CVE-2025-30846 WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability
S
CVE-2025-30847 WordPress Novelist plugin <= 1.2.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30848 WordPress Hostel plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30849 WordPress Essential Real Estate plugin <= 5.2.0 - Local File Inclusion Vulnerability
S
CVE-2025-30850 WordPress Dr. Flex plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30851 WordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerability
S
CVE-2025-30852 WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30853 WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability
S
CVE-2025-30854 WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30855 WordPress Ads by WPQuads plugin <= 2.0.87.1 - Broken Access Control Vulnerability
S
CVE-2025-30856 WordPress Custom Field For WP Job Manager plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30857 WordPress Currency Switcher for WooCommerce plugin <= 0.0.7 - CSRF to Stored XSS vulnerability
S
CVE-2025-30858 WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30859 WordPress AliNext plugin <= 3.5.1 - Open Redirection vulnerability
S
CVE-2025-30860 WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30861 WordPress Five Star Restaurant Reservations plugin <= 2.6.29 - Broken Access Control vulnerability
S
CVE-2025-30862 WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30863 WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30864 WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability
S
CVE-2025-30865 WordPress 3DPrint Lite plugin <= 2.1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30866 WordPress Terms & Conditions Per Product plugin <= 1.2.15 - Broken Access Control Vulnerability
S
CVE-2025-30867 WordPress SearchIQ plugin <= 4.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30868 WordPress Team Manager plugin <= 2.1.23 - Local File Inclusion Vulnerability
S
CVE-2025-30869 WordPress Image Wall plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30870 WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability
S
CVE-2025-30871 WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability
S
CVE-2025-30872 WordPress Product Author for WooCommerce plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30873 WordPress Greenshift plugin <= 11.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30874 WordPress Specific Content For Mobile plugin <= 0.5.3 - Broken Access Control vulnerability
S
CVE-2025-30876 WordPress Ads by WPQuads plugin <= 2.0.87.1 - SQL Injection Vulnerability
S
CVE-2025-30877 WordPress Quiz Cat plugin <= 3.0.8 - Broken Access Control vulnerability
S
CVE-2025-30878 WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability
S
CVE-2025-30879 WordPress MC Woocommerce Wishlist plugin <= 1.8.9 - SQL Injection vulnerability
S
CVE-2025-30880 WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability
S
CVE-2025-30881 WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability
S
CVE-2025-30882 WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability
S
CVE-2025-30883 WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability
S
CVE-2025-30884 WordPress Bit Integrations plugin <= 2.4.10 - Open Redirection vulnerability
S
CVE-2025-30885 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability
S
CVE-2025-30886 WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability
S
CVE-2025-30887 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability
S
CVE-2025-30888 WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30889 WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability
S
CVE-2025-30890 WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability
S
CVE-2025-30891 WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability
S
CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability
S
CVE-2025-30893 WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30894 WordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerability
S
CVE-2025-30895 WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability
S
CVE-2025-30896 WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
S
CVE-2025-30897 WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability
S
CVE-2025-30898 WordPress افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30899 WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30900 WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30901 WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability
S
CVE-2025-30902 WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30903 WordPress SyntaxHighlighter Evolved plugin <= 3.7.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30904 WordPress Chartify plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30905 WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30906 WordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30908 WordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30909 WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability
S
CVE-2025-30910 WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
S
CVE-2025-30911 WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
S
CVE-2025-30912 WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
S
CVE-2025-30913 WordPress Access Areas Plugin <= 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30914 WordPress Metform Elementor Contact Form Builder plugin <= 3.9.2 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2025-30915 WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability
S
CVE-2025-30916 WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability
S
CVE-2025-30917 WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-30918 WordPress Structured Content plugin 1.6.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30919 WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability
S
CVE-2025-30920 WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30921 WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability
S
CVE-2025-30922 WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30923 WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-30924 WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30925 WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30926 WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability
S
CVE-2025-30927 WordPress Wordapp <= 1.7.0 - Broken Access Control Vulnerability
CVE-2025-30928 WordPress WP Biographia <= 4.0.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30929 WordPress fluXtore plugin <= 1.6.0 - Broken Access Control Vulnerability
CVE-2025-30930 WordPress ACF: Yandex Maps Field <= 1.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30931 WordPress «Подсказки» от DaData.ru <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30932 WordPress WP Compress for MainWP <= 6.30.32 - Broken Access Control Vulnerability
CVE-2025-30933 WordPress LogisticsHub <= 1.1.6 - Arbitrary File Upload Vulnerability
CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン <= 1.4.16 - Broken Access Control Vulnerability
CVE-2025-30935 WordPress Contact Form <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30937 WordPress Responsify WP <= 1.9.11 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30938 WordPress Broadly for WordPress <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30939 WordPress IFrame Widget <= 4.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30940 WordPress Melipayamak <= 2.2.12 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30941 WordPress Pinterest Verify Meta Tag <= 1.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30942 WordPress Post Custom Templates Lite <= 1.14 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30943 WordPress Posts Slider Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30945 WordPress Taskbuilder <= 4.0.3 - Broken Access Control Vulnerability
CVE-2025-30946 WordPress Custom Bulk/Quick Edit <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30947 WordPress Cool fade popup plugin <= 10.1 - SQL Injection Vulnerability
CVE-2025-30948 WordPress Layouts for Elementor <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30950 WordPress All Currencies for WooCommerce <= 2.4.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30951 WordPress BlockStrap Page Builder - Bootstrap Blocks <= 0.1.36 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30952 WordPress Nexa Blocks <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30953 WordPress WP Gravity Forms Salesforce <= 1.4.7 - Open Redirection Vulnerability
CVE-2025-30954 WordPress WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirection Vulnerability
CVE-2025-30956 WordPress Booqable Rental <= 2.4.20 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30957 WordPress Activity Plus Reloaded for BuddyPress <= 1.1.2 - Broken Access Control Vulnerability
CVE-2025-30958 WordPress onOffice for WP-Websites <= 5.7 - Broken Access Control Vulnerability
CVE-2025-30960 WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability
S
CVE-2025-30961 WordPress Trackserver plugin <= 5.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30962 WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30963 WordPress JetSmartFilters plugin <= 3.6.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30964 WordPress Photography theme <= 7.5.2 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-30965 WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vulnerability
S
CVE-2025-30966 WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability
S
CVE-2025-30967 WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability
S
CVE-2025-30968 WordPress Advanced Post List <= 0.5.6.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30969 WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability
CVE-2025-30970 WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30971 WordPress XV Random Quotes plugin <= 1.40 - SQL Injection vulnerability
CVE-2025-30972 WordPress Woocommerce Line Notify plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30974 WordPress Post Grid Master <= 3.4.13 - Broken Access Control Vulnerability
CVE-2025-30976 WordPress Nexa Blocks <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-30977 WordPress WP Live Chat + Chatbots Plugin for WordPress – Chaport <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30978 WordPress Slack Notifications by dorzki <= 2.0.7 - Broken Access Control Vulnerability
CVE-2025-30979 WordPress Pixelating image slideshow gallery plugin <= 8.0 - SQL Injection Vulnerability
CVE-2025-30980 WordPress Simple Keyword to Link <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30981 WordPress WP-Recall plugin <= 16.26.14 - CSRF to Privilege Escalation vulnerability
CVE-2025-30982 WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30983 WordPress Card flip image slideshow plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30984 WordPress SEO Tools plugin <= 4.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-30985 WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability
CVE-2025-30986 WordPress Elite Video Player <= 10.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30987 WordPress JetBlocks For Elementor plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-30988 WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30989 WordPress Libro de Reclamaciones y Quejas <= 0.9 - SQL Injection Vulnerability
S
CVE-2025-30990 WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability
CVE-2025-30991 WordPress Premium Packages <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30992 WordPress Puca theme <= 2.6.33 - Local File Inclusion Vulnerability
S
CVE-2025-30994 WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.23 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30995 WordPress Widgetize Pages Light plugin <= 3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-30997 WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-30999 WordPress WP Shopify <= 1.5.3 - Local File Inclusion Vulnerability
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.