| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-49000 | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin | | |
| CVE-2025-49001 | Dataease Authentication Bypass Vulnerability | E | |
| CVE-2025-49002 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability | E | |
| CVE-2025-49003 | Dataease H2 JDBC Connection Remote Code Execution | E | |
| CVE-2025-49004 | Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE | | |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header | E | |
| CVE-2025-49006 | Wasp has case insensitive OAuth ID vulnerability | | |
| CVE-2025-49007 | ReDoS Vulnerability in Rack::Multipart handle_mime_head | | |
| CVE-2025-49008 | Atheos Improper Input Validation Vulnerability Enables RCE in Common.php | E | |
| CVE-2025-49009 | Para Inserts Sensitive Information into Log File for Facebook authentication | | |
| CVE-2025-49011 | SpiceDB checks involving relations with caveats can result in no permission when permission is expected | | |
| CVE-2025-49012 | Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass | | |
| CVE-2025-49013 | WilderForge vulnerable to code Injection via GitHub Actions Workflows | | |
| CVE-2025-49014 | jq heap use after free vulnerability in f_strflocaltime | | |
| CVE-2025-49015 | The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification ... | | |
| CVE-2025-49029 | WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability | | |
| CVE-2025-49031 | WordPress SMu Manual DoFollow plugin <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49032 | WordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49033 | WordPress ProfileGrid <= 5.9.5.3 - SQL Injection Vulnerability | S | |
| CVE-2025-49034 | WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability | S | |
| CVE-2025-49035 | WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49036 | WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability | | |
| CVE-2025-49037 | WordPress Authentication and xmlrpc log writer plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49038 | WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49039 | WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49040 | WordPress Backup Bolt plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-49044 | WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
| CVE-2025-49047 | WordPress DigitalOcean Spaces Sync plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49048 | WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49051 | WordPress Hide Text Shortcode plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49052 | WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability | | |
| CVE-2025-49053 | WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49054 | WordPress Time Sheets plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49056 | WordPress 多说社会化评论框 Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49057 | WordPress WP Voting Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49058 | WordPress SoundSt SEO Search plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49059 | WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability | | |
| CVE-2025-49061 | WordPress Porn Videos Embed plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49062 | WordPress WP-jScrollPane plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49063 | WordPress BaiduXZH Submit(百度熊掌号) plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49064 | WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49065 | WordPress Visit Counter Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49067 | WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49068 | WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49069 | WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-49070 | WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49071 | WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability | S | |
| CVE-2025-49072 | WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49073 | WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49074 | WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49075 | WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49076 | WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.2.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49077 | WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-49080 | Memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54 | | |
| CVE-2025-49081 | Input validation vulnerability in the Secure Access prior to version 13.55 | | |
| CVE-2025-49082 | Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 | | |
| CVE-2025-49083 | Data deserialization vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 | | |
| CVE-2025-49084 | Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 | | |
| CVE-2025-49087 | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal a... | E | |
| CVE-2025-49091 | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading U... | | |
| CVE-2025-49112 | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - p... | | |
| CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticate... | | |
| CVE-2025-49124 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows | | |
| CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources | | |
| CVE-2025-49126 | Visionatrix Vulnerable to Reflected XSS Leading to Exfiltration of Secrets | | |
| CVE-2025-49127 | Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration | E | |
| CVE-2025-49128 | Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation | E | |
| CVE-2025-49130 | Laravel Translation Manager Vulnerable to Stored Cross-site Scripting | | |
| CVE-2025-49131 | FastGPT Sandbox Vulnerable to Sandbox Bypass | | |
| CVE-2025-49132 | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | | |
| CVE-2025-49133 | Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue | | |
| CVE-2025-49134 | Weblate exposes personal IP address via e-mail | S | |
| CVE-2025-49135 | CVAT missing validation for in-progress backup upload names | | |
| CVE-2025-49136 | listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user | E S | |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | E S | |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | E | |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | E S | |
| CVE-2025-49140 | Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) | | |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | E S | |
| CVE-2025-49142 | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating | S | |
| CVE-2025-49143 | Nautobot may allows uploaded media files to be accessible without authentication | S | |
| CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path | | |
| CVE-2025-49146 | pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration | | |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | | |
| CVE-2025-49148 | ClipShare Server Allows Local Privilege Escalation via DLL Hijacking | | |
| CVE-2025-49149 | Dify has XSS vulnerability | E | |
| CVE-2025-49150 | Cursor Agent Potentially Leaks Information using JSON schema | | |
| CVE-2025-49151 | Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+ | S | |
| CVE-2025-49152 | Insufficient Session Expiration in MICROSENS NMP Web+ | S | |
| CVE-2025-49153 | Path Traversal in MICROSENS NMP Web+ | S | |
| CVE-2025-49154 | An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business... | | |
| CVE-2025-49155 | An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module co... | | |
| CVE-2025-49156 | A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker ... | | |
| CVE-2025-49157 | A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local... | | |
| CVE-2025-49158 | An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a l... | | |
| CVE-2025-49162 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a rem... | | |
| CVE-2025-49163 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a craf... | | |
| CVE-2025-49164 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f... | | |
| CVE-2025-49175 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors | M | |
| CVE-2025-49176 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension | M | |
| CVE-2025-49177 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode | M | |
| CVE-2025-49178 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore | M | |
| CVE-2025-49179 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension | M | |
| CVE-2025-49180 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension | M | |
| CVE-2025-49181 | Configurations endpoint does not require authorization | M | |
| CVE-2025-49182 | Credential disclosure | S | |
| CVE-2025-49183 | Unencrypted communication (HTTP) | M | |
| CVE-2025-49184 | Information disclosure to unauthorized user | M | |
| CVE-2025-49185 | Stored Cross-Site-Script | M | |
| CVE-2025-49186 | No brute-force protection | M | |
| CVE-2025-49187 | User enumeration | M | |
| CVE-2025-49188 | Sensitive Data in URL | M | |
| CVE-2025-49189 | Cookie missing HttpOnly flag | S | |
| CVE-2025-49190 | Server-Side Request Forgery | M | |
| CVE-2025-49191 | Dashboards and iFrames can link malicious web content | M | |
| CVE-2025-49192 | Clickjacking | S | |
| CVE-2025-49193 | Missing HTTP Security Headers | S | |
| CVE-2025-49194 | Unencrypted communication | M | |
| CVE-2025-49195 | No protection against brute-force attacks | M | |
| CVE-2025-49196 | Deprecated TLS version supported | M | |
| CVE-2025-49197 | Deprecated TLS version supported | S | |
| CVE-2025-49198 | Poor quality of randomness in authorization tokens | M | |
| CVE-2025-49199 | Backup files can be modified and uploaded | M | |
| CVE-2025-49200 | Unencrypted backup contains sensitive information | M | |
| CVE-2025-49202 | Rejected reason: Not used... | R | |
| CVE-2025-49203 | Rejected reason: Not used... | R | |
| CVE-2025-49204 | Rejected reason: Not used... | R | |
| CVE-2025-49205 | Rejected reason: Not used... | R | |
| CVE-2025-49206 | Rejected reason: Not used... | R | |
| CVE-2025-49207 | Rejected reason: Not used... | R | |
| CVE-2025-49208 | Rejected reason: Not used... | R | |
| CVE-2025-49209 | Rejected reason: Not used... | R | |
| CVE-2025-49210 | Rejected reason: Not used... | R | |
| CVE-2025-49211 | A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an att... | | |
| CVE-2025-49212 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead... | | |
| CVE-2025-49213 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead... | | |
| CVE-2025-49214 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead... | | |
| CVE-2025-49215 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could al... | | |
| CVE-2025-49216 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could all... | | |
| CVE-2025-49217 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead... | | |
| CVE-2025-49218 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could al... | | |
| CVE-2025-49219 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead... | | |
| CVE-2025-49220 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead ... | | |
| CVE-2025-49221 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin | S | |
| CVE-2025-49222 | Mattermost Shared Channel Upload Type Validation Bypass | S | |
| CVE-2025-49223 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate... | | |
| CVE-2025-49234 | WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability | S | |
| CVE-2025-49235 | WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49236 | WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability | S | |
| CVE-2025-49237 | WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability | S | |
| CVE-2025-49238 | WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49239 | WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49240 | WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability | S | |
| CVE-2025-49241 | WordPress oik <= 4.15.1 - Broken Access Control Vulnerability | S | |
| CVE-2025-49242 | WordPress Bellows Accordion Menu <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49243 | WordPress ShiftNav – Responsive Mobile Menu <= 1.8 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49244 | WordPress Shortcodes Ultimate <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49245 | WordPress Testimonials Showcase plugin <= 1.9.16 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49246 | WordPress Testimonials Showcase <= 1.9.16 - Broken Access Control Vulnerability | S | |
| CVE-2025-49247 | WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49248 | WordPress Team Showcase < 25.05.13 - Broken Access Control Vulnerability | S | |
| CVE-2025-49250 | WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability | S | |
| CVE-2025-49251 | WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49252 | WordPress Besa <= 2.3.8 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49253 | WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49254 | WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49255 | WordPress Ruza <= 1.0.7 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49256 | WordPress Sapa <= 1.1.14 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49257 | WordPress Zota <= 1.3.8 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49258 | WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49259 | WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49260 | WordPress Aora <= 1.3.9 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49261 | WordPress Diza <= 1.3.8 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49262 | WordPress Sina Extension for Elementor <= 3.6.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49263 | WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability | S | |
| CVE-2025-49264 | WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49265 | WordPress Membership For WooCommerce <= 2.8.1 - Broken Access Control Vulnerability | S | |
| CVE-2025-49266 | WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49267 | WordPress Frontend Admin by DynamiApps <= 3.28.3 - SQL Injection Vulnerability | S | |
| CVE-2025-49268 | WordPress Verge3D <= 4.9.4 - Broken Access Control Vulnerability | S | |
| CVE-2025-49269 | WordPress Market Exporter <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49270 | WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability | S | |
| CVE-2025-49271 | WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49272 | WordPress Trinity Audio <= 5.20.0 - Broken Access Control Vulnerability | S | |
| CVE-2025-49273 | WordPress WP Tools <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49274 | WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49275 | WordPress Blogbyte <= 1.1.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49276 | WordPress Blogmine <= 1.1.7 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49277 | WordPress Blogprise <= 1.0.9 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49278 | WordPress Blogty <= 1.0.11 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49279 | WordPress Blogvy <= 1.0.7 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49280 | WordPress Magty <= 1.0.6 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49281 | WordPress Magways <= 1.2.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49282 | WordPress Magze <= 1.0.9 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49283 | WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49284 | WordPress WP Maintenance Mode & Site Under Construction <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49285 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49286 | WordPress WP Table Builder <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49287 | WordPress Product Feed for WooCommerce <= 2.2.8 - Broken Access Control Vulnerability | S | |
| CVE-2025-49288 | WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability | S | |
| CVE-2025-49289 | WordPress PDF for WPForms <= 5.5.0 - Broken Access Control Vulnerability | S | |
| CVE-2025-49290 | WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49291 | WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49292 | WordPress Profile Builder <= 3.13.8 - Content Spoofing Vulnerability | S | |
| CVE-2025-49293 | WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability | S | |
| CVE-2025-49294 | WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability | S | |
| CVE-2025-49295 | WordPress MediClinic <= 2.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49296 | WordPress GrandPrix <= 1.6 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49297 | WordPress Grill and Chow <= 1.6 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49298 | WordPress Event post <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49299 | WordPress WebHotelier <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49301 | WordPress Greenshift <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49302 | WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability | S | |
| CVE-2025-49303 | WordPress Frontend Admin by DynamiApps <= 3.28.7 - Arbitrary File Download Vulnerability | S | |
| CVE-2025-49304 | WordPress Search with Typesense <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49305 | WordPress Product Catalog Simple <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49306 | WordPress WP Social Widget <= 2.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49307 | WordPress WP Multilang <= 2.4.19 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49308 | WordPress WP Travel Engine <= 6.5.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49309 | WordPress HT Team Member <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49310 | WordPress Frontend Dashboard <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49311 | WordPress The Events Calendar Countdown Addon <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49312 | WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49313 | WordPress BRW <= 1.8.6 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49314 | WordPress BRW <= 1.8.6 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49315 | WordPress Persian Woocommerce SMS <= 7.0.10 - SQL Injection Vulnerability | S | |
| CVE-2025-49316 | WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49317 | WordPress WP Page Loading <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49318 | WordPress WPtouch <= 4.3.60 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49319 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability | S | |
| CVE-2025-49320 | WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability | S | |
| CVE-2025-49321 | WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49322 | WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49323 | WordPress Hydra Booking <= 1.1.10 - SQL Injection Vulnerability | S | |
| CVE-2025-49324 | WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability | S | |
| CVE-2025-49325 | WordPress Newspack Newsletters <= 3.13.0 - Open Redirection Vulnerability | S | |
| CVE-2025-49326 | WordPress GamiPress <= 7.4.5 - SQL Injection Vulnerability | S | |
| CVE-2025-49327 | WordPress ShortLinks Pro <= 1.0.7 - SQL Injection Vulnerability | S | |
| CVE-2025-49328 | WordPress Store Locator WordPress <= 1.5.1 - SQL Injection Vulnerability | S | |
| CVE-2025-49329 | WordPress Store Locator WordPress <= 1.5.2 - Arbitrary File Upload Vulnerability | S | |
| CVE-2025-49330 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.3.0 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49331 | WordPress eCommerce Product Catalog <= 3.4.3 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49332 | WordPress WP Time Slots Booking Form <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49333 | WordPress Simple Membership <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49381 | WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49382 | WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49383 | WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49384 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vu... | | |
| CVE-2025-49385 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vu... | | |
| CVE-2025-49387 | WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability | S | |
| CVE-2025-49388 | WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability | S | |
| CVE-2025-49389 | WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49391 | WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49392 | WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49395 | WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49396 | WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability | S | |
| CVE-2025-49397 | WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49399 | WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49400 | WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 8.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49402 | WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability | S | |
| CVE-2025-49404 | WordPress Listeo-Core Plugin <= 1.9.32 - SQL Injection Vulnerability | | |
| CVE-2025-49405 | WordPress Houzez Theme <= 4.1.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49406 | WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability | S | |
| CVE-2025-49407 | WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49408 | WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability | S | |
| CVE-2025-49409 | WordPress SensorPress plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49410 | WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49411 | WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49412 | WordPress Page Transition plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49413 | WordPress Terms of Service & Privacy Policy Generator plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49414 | WordPress FW Gallery <= 8.0.0 - Arbitrary File Upload Vulnerability | | |
| CVE-2025-49415 | WordPress FW Gallery <= 8.0.0 - Arbitrary File Deletion Vulnerability | | |
| CVE-2025-49416 | WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability | | |
| CVE-2025-49417 | WordPress WooCommerce Product Multi-Action <= 1.3 - Deserialization of untrusted data Vulnerability | | |
| CVE-2025-49418 | WordPress Allmart <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability | | |
| CVE-2025-49419 | WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability | | |
| CVE-2025-49420 | WordPress Markup Markdown plugin <= 3.20.6 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49421 | WordPress WP Text Expander <= 1.0.1 - SQL Injection Vulnerability | | |
| CVE-2025-49422 | WordPress iframe Wrapper plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49423 | WordPress Bulk YouTube Post Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49424 | WordPress Essential Doo Components for Visual Composer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49425 | WordPress Konami Easter Egg <= v0.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49426 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-49427 | WordPress Abbie Expander <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49428 | WordPress Cookie Warning plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49429 | WordPress Video Embeds <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49431 | WordPress MF Plus WPML <= 1.1 - Settings Change Vulnerability | | |
| CVE-2025-49432 | WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability | | |
| CVE-2025-49433 | WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49434 | WordPress Laposta WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49435 | WordPress Wp Easy Allopass <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49436 | WordPress Custom Menu plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49437 | WordPress WP LOL Rotation <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49438 | WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability | | |
| CVE-2025-49439 | WordPress Atelier Create CV plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
| CVE-2025-49440 | WordPress WP Security Master <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49441 | WordPress Interactive Regional Map of Florida <= 1.0 - Broken Access Control Vulnerability | | |
| CVE-2025-49442 | WordPress Simple Nested Menu <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49443 | WordPress Bacon Ipsum <= 2.4 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49444 | WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability | | |
| CVE-2025-49445 | WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
| CVE-2025-49446 | WordPress Admin Notes <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49447 | WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability | | |
| CVE-2025-49448 | WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability | | |
| CVE-2025-49449 | WordPress Interactive Regional Map of Africa <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49450 | WordPress SEPA Girocode <= 0.5.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-49451 | WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Directory Traversal Vulnerability | | |
| CVE-2025-49452 | WordPress PostaPanduri <= 2.1.3 - SQL Injection Vulnerability | | |
| CVE-2025-49453 | WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
| CVE-2025-49454 | WordPress TinySalt < 3.10.0 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49455 | WordPress TinySalt < 3.10.0 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49456 | Zoom Clients for Windows- Race Condition | | |
| CVE-2025-49457 | Zoom Clients for Windows - Untrusted Search Path | | |
| CVE-2025-49462 | Zoom Clients - Cross-site Scripting | | |
| CVE-2025-49463 | Zoom Clients for iOS - Insufficient Control Flow Management | | |
| CVE-2025-49464 | Zoom Clients for Windows- Classic Buffer Overflow | | |
| CVE-2025-49466 | aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path co... | E | |
| CVE-2025-49467 | Joomla Extension - jevents.net - SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla | | |
| CVE-2025-49468 | Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla | | |
| CVE-2025-49480 | Out-of-bounds access in lte-telephony | | |
| CVE-2025-49481 | Resource leaks in router | | |
| CVE-2025-49482 | Resource leaks in tr069 | | |
| CVE-2025-49483 | Resource leaks in tr069 | | |
| CVE-2025-49484 | Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla | E | |
| CVE-2025-49485 | Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla | | |
| CVE-2025-49486 | Extension - balbooa.com - Stored XSS in Balbooa Gallery component version 1.0.0 - 2.4.0 for Joomla | | |
| CVE-2025-49487 | An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (... | | |
| CVE-2025-49488 | Resource leaks in router | | |
| CVE-2025-49489 | Resource leaks in cm | | |
| CVE-2025-49490 | Resource leaks in router | | |
| CVE-2025-49491 | Resource leaks in traffic_stat | | |
| CVE-2025-49492 | Out-of-bounds write in lte-telephony | | |
| CVE-2025-49493 | Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) in... | | |
| CVE-2025-49507 | WordPress CozyStay < 1.7.1 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49508 | WordPress CozyStay < 1.7.1 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49509 | WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability | S | |
| CVE-2025-49510 | WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-49511 | WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability | S | |
| CVE-2025-49520 | Event-driven-ansible: authenticated argument injection in git url in eda project creation | M | |
| CVE-2025-49521 | Event-driven-ansible: template injection via git branch and refspec in eda projects | M | |
| CVE-2025-49524 | Illustrator | NULL Pointer Dereference (CWE-476) | | |
| CVE-2025-49525 | Illustrator | Out-of-bounds Read (CWE-125) | | |
| CVE-2025-49526 | Illustrator | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49527 | Illustrator | Stack-based Buffer Overflow (CWE-121) | | |
| CVE-2025-49528 | Illustrator | Stack-based Buffer Overflow (CWE-121) | | |
| CVE-2025-49529 | Illustrator | Access of Uninitialized Pointer (CWE-824) | | |
| CVE-2025-49530 | Illustrator | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49531 | Illustrator | Integer Overflow or Wraparound (CWE-190) | | |
| CVE-2025-49532 | Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
| CVE-2025-49533 | Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502) | | |
| CVE-2025-49534 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49535 | ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | | |
| CVE-2025-49536 | ColdFusion | Incorrect Authorization (CWE-863) | | |
| CVE-2025-49537 | ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
| CVE-2025-49538 | ColdFusion | XML Injection (aka Blind XPath Injection) (CWE-91) | | |
| CVE-2025-49539 | ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | | |
| CVE-2025-49540 | ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49541 | ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49542 | ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2025-49543 | ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49544 | ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | | |
| CVE-2025-49545 | ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918) | | |
| CVE-2025-49546 | ColdFusion | Improper Access Control (CWE-284) | | |
| CVE-2025-49547 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49549 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
| CVE-2025-49550 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
| CVE-2025-49551 | ColdFusion | Use of Hard-coded Credentials (CWE-798) | | |
| CVE-2025-49554 | Adobe Commerce | Improper Input Validation (CWE-20) | | |
| CVE-2025-49555 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | | |
| CVE-2025-49556 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
| CVE-2025-49557 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2025-49558 | Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | | |
| CVE-2025-49559 | Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
| CVE-2025-49560 | Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122) | | |
| CVE-2025-49561 | Animate | Use After Free (CWE-416) | | |
| CVE-2025-49562 | Animate | Use After Free (CWE-416) | | |
| CVE-2025-49563 | Illustrator | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49564 | Illustrator | Stack-based Buffer Overflow (CWE-121) | | |
| CVE-2025-49567 | Illustrator | NULL Pointer Dereference (CWE-476) | | |
| CVE-2025-49568 | Illustrator | Use After Free (CWE-416) | | |
| CVE-2025-49569 | Substance3D - Viewer | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49570 | Photoshop Desktop | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49571 | Substance3D - Modeler | Uncontrolled Search Path Element (CWE-427) | | |
| CVE-2025-49572 | Substance3D - Modeler | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49573 | Substance3D - Modeler | Out-of-bounds Write (CWE-787) | | |
| CVE-2025-49574 | Quarkus potential data leak when duplicating a duplicated context | | |
| CVE-2025-49575 | Citizen allows stored XSS in Command Palette tip messages | E S | |
| CVE-2025-49576 | Citizen allows stored XSS in search no result messages | E S | |
| CVE-2025-49577 | Citizen allows stored XSS in preference menu headings | E S | |
| CVE-2025-49578 | Citizen allows stored XSS in user registration date message | E S | |
| CVE-2025-49579 | Citizen allows stored XSS in menu heading message | E S | |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring | | |
| CVE-2025-49581 | XWiki allows remote code execution through default value of wiki macro wiki-type parameters | | |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete | | |
| CVE-2025-49583 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right | | |
| CVE-2025-49584 | XWiki makes title of inaccessible pages available through the class property values REST API | | |
| CVE-2025-49585 | XWiki does not require right warnings for XClass definitions | | |
| CVE-2025-49586 | XWiki allows remote code execution through preview of XClass changes in AWM editor | | |
| CVE-2025-49587 | XWiki does not require right warnings for notification displayer objects | | |
| CVE-2025-49588 | Linkwarden Local File Inclusion Vulnerability | E | |
| CVE-2025-49589 | PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging | | |
| CVE-2025-49590 | CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability | E S | |
| CVE-2025-49591 | CryptPad 2FA Bypass Vulnerability | E S | |
| CVE-2025-49592 | n8n Login Flow has Open Redirect Vulnerability | | |
| CVE-2025-49593 | Portainer HTTP Headers May Leak to Malicious Container Registries | | |
| CVE-2025-49595 | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests | | |
| CVE-2025-49596 | MCP Inspector proxy server lacks authentication between the Inspector client and proxy | | |
| CVE-2025-49597 | handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution | | |
| CVE-2025-49598 | conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing | E | |
| CVE-2025-49599 | Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-... | E | |
| CVE-2025-49600 | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation ... | | |
| CVE-2025-49601 | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is... | | |
| CVE-2025-49603 | Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.... | | |
| CVE-2025-49604 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
| CVE-2025-49618 | In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, ... | | |
| CVE-2025-49619 | Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of... | E | |
| CVE-2025-49630 | Apache HTTP Server: mod_proxy_http2 denial of service | | |
| CVE-2025-49651 | Missing Authorization for Interactive Sessions | | |
| CVE-2025-49652 | Improper access control allows arbitrary account creation | | |
| CVE-2025-49653 | Exposure of sensitive Information allows account takeover | | |
| CVE-2025-49656 | Apache Jena: Administrative users can create files outside the server directory space via the admin UI | | |
| CVE-2025-49657 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49658 | Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability | | |
| CVE-2025-49659 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | | |
| CVE-2025-49660 | Windows Event Tracing Elevation of Privilege Vulnerability | | |
| CVE-2025-49661 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
| CVE-2025-49663 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49664 | Windows User-Mode Driver Framework Host Information Disclosure Vulnerability | | |
| CVE-2025-49665 | Workspace Broker Elevation of Privilege Vulnerability | | |
| CVE-2025-49666 | Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability | | |
| CVE-2025-49667 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | | |
| CVE-2025-49668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49669 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49670 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49671 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
| CVE-2025-49672 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49673 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49674 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49675 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | | |
| CVE-2025-49676 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49677 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
| CVE-2025-49678 | NTFS Elevation of Privilege Vulnerability | | |
| CVE-2025-49679 | Windows Shell Elevation of Privilege Vulnerability | | |
| CVE-2025-49680 | Windows Performance Recorder (WPR) Denial of Service Vulnerability | | |
| CVE-2025-49681 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
| CVE-2025-49682 | Windows Media Elevation of Privilege Vulnerability | | |
| CVE-2025-49683 | Microsoft Virtual Hard Disk Remote Code Execution Vulnerability | | |
| CVE-2025-49684 | Windows Storage Port Driver Information Disclosure Vulnerability | | |
| CVE-2025-49685 | Windows Search Service Elevation of Privilege Vulnerability | | |
| CVE-2025-49686 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | | |
| CVE-2025-49687 | Windows Input Method Editor (IME) Elevation of Privilege Vulnerability | | |
| CVE-2025-49688 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49689 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | | |
| CVE-2025-49690 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | | |
| CVE-2025-49691 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | | |
| CVE-2025-49693 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
| CVE-2025-49694 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
| CVE-2025-49695 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2025-49696 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2025-49697 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2025-49698 | Microsoft Word Remote Code Execution Vulnerability | | |
| CVE-2025-49699 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2025-49700 | Microsoft Word Remote Code Execution Vulnerability | | |
| CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability | | |
| CVE-2025-49702 | Microsoft Office Remote Code Execution Vulnerability | | |
| CVE-2025-49703 | Microsoft Word Remote Code Execution Vulnerability | | |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | KEV | |
| CVE-2025-49705 | Microsoft PowerPoint Remote Code Execution Vulnerability | | |
| CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | KEV | |
| CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | | |
| CVE-2025-49709 | Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox <... | | |
| CVE-2025-49710 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerabili... | | |
| CVE-2025-49711 | Microsoft Excel Remote Code Execution Vulnerability | | |
| CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | | |
| CVE-2025-49713 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
| CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | | |
| CVE-2025-49715 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | | |
| CVE-2025-49716 | Windows Netlogon Denial of Service Vulnerability | | |
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | | |
| CVE-2025-49718 | Microsoft SQL Server Information Disclosure Vulnerability | | |
| CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | | |
| CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | | |
| CVE-2025-49722 | Windows Print Spooler Denial of Service Vulnerability | | |
| CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability | | |
| CVE-2025-49724 | Windows Connected Devices Platform Service Remote Code Execution Vulnerability | | |
| CVE-2025-49725 | Windows Notification Elevation of Privilege Vulnerability | | |
| CVE-2025-49726 | Windows Notification Elevation of Privilege Vulnerability | | |
| CVE-2025-49727 | Win32k Elevation of Privilege Vulnerability | | |
| CVE-2025-49729 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49730 | Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability | | |
| CVE-2025-49731 | Microsoft Teams Elevation of Privilege Vulnerability | | |
| CVE-2025-49732 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
| CVE-2025-49733 | Win32k Elevation of Privilege Vulnerability | | |
| CVE-2025-49735 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | | |
| CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | | |
| CVE-2025-49737 | Microsoft Teams Elevation of Privilege Vulnerability | | |
| CVE-2025-49738 | Microsoft PC Manager Elevation of Privilege Vulnerability | | |
| CVE-2025-49739 | Visual Studio Elevation of Privilege Vulnerability | | |
| CVE-2025-49740 | Windows SmartScreen Security Feature Bypass Vulnerability | | |
| CVE-2025-49741 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | | |
| CVE-2025-49742 | Windows Graphics Component Remote Code Execution Vulnerability | | |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
| CVE-2025-49744 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | | |
| CVE-2025-49746 | Azure Machine Learning Elevation of Privilege Vulnerability | | |
| CVE-2025-49747 | Azure Machine Learning Elevation of Privilege Vulnerability | | |
| CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | | |
| CVE-2025-49753 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | | |
| CVE-2025-49756 | Office Developer Platform Security Feature Bypass Vulnerability | | |
| CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | | |
| CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | | |
| CVE-2025-49760 | Windows Storage Spoofing Vulnerability | | |
| CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
| CVE-2025-49763 | Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin | | |
| CVE-2025-49785 | Rejected reason: Not used... | R | |
| CVE-2025-49786 | Rejected reason: Not used... | R | |
| CVE-2025-49787 | Rejected reason: Not used... | R | |
| CVE-2025-49788 | Rejected reason: Not used... | R | |
| CVE-2025-49789 | Rejected reason: Not used... | R | |
| CVE-2025-49790 | Rejected reason: Not used... | R | |
| CVE-2025-49791 | Rejected reason: Not used... | R | |
| CVE-2025-49792 | Rejected reason: Not used... | R | |
| CVE-2025-49793 | Rejected reason: Not used... | R | |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | M | |
| CVE-2025-49795 | Libxml: null pointer dereference leads to denial of service (dos) | M | |
| CVE-2025-49796 | Libxml: type confusion leads to denial of service (dos) | M | |
| CVE-2025-49797 | Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If expl... | | |
| CVE-2025-49809 | mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the... | E | |
| CVE-2025-49810 | Thread summarization allows persistent access to channel | S | |
| CVE-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack | | |
| CVE-2025-49813 | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulner... | S | |
| CVE-2025-49814 | Rejected reason: Not used... | R | |
| CVE-2025-49815 | Rejected reason: Not used... | R | |
| CVE-2025-49816 | Rejected reason: Not used... | R | |
| CVE-2025-49817 | Rejected reason: Not used... | R | |
| CVE-2025-49818 | Rejected reason: Not used... | R | |
| CVE-2025-49819 | Rejected reason: Not used... | R | |
| CVE-2025-49820 | Rejected reason: Not used... | R | |
| CVE-2025-49821 | Rejected reason: Not used... | R | |
| CVE-2025-49822 | Rejected reason: Not used... | R | |
| CVE-2025-49823 | Conda Constructor Command Injection via Unsanitized User Input (Low) | | |
| CVE-2025-49824 | conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack | | |
| CVE-2025-49825 | Teleport allows remote authentication bypass | | |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning | | |
| CVE-2025-49827 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator | | |
| CVE-2025-49828 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution | | |
| CVE-2025-49829 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations | | |
| CVE-2025-49830 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosure | | |
| CVE-2025-49831 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | | |
| CVE-2025-49832 | Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation | | |
| CVE-2025-49833 | GHSL-2025-045: GPT-SoVITS Command Injection vulnerability | E | |
| CVE-2025-49834 | GHSL-2025-046: GPT-SoVITS Command Injection vulnerability | E | |
| CVE-2025-49835 | GHSL-2025-047: GPT-SoVITS Command Injection vulnerability | E | |
| CVE-2025-49836 | GHSL-2025-048: GPT-SoVITS Command Injection vulnerability | E | |
| CVE-2025-49837 | GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability | E | |
| CVE-2025-49838 | GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability | E | |
| CVE-2025-49839 | GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability | E | |
| CVE-2025-49840 | GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability | E | |
| CVE-2025-49841 | GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability | E | |
| CVE-2025-49842 | conda-forge-webservices Privilege Escalation Risk via Default Docker Root User | | |
| CVE-2025-49843 | conda-smithy Has Incorrect Default File Permissions | | |
| CVE-2025-49845 | Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers | | |
| CVE-2025-49846 | wire-ios accidentally logs message contents | | |
| CVE-2025-49847 | llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model | S | |
| CVE-2025-49848 | Out-of-bounds Write in Write in LS Electric GMWin 4 | S | |
| CVE-2025-49849 | Out-of-bounds Read in Write in LS Electric GMWin 4 | S | |
| CVE-2025-49850 | Out-of-bounds Read in Write in LS Electric GMWin 4 | S | |
| CVE-2025-49851 | Improper Authentication in ControlID iDSecure On-premises | S | |
| CVE-2025-49852 | Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises | S | |
| CVE-2025-49853 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises | S | |
| CVE-2025-49854 | WordPress Slim SEO plugin <= 4.5.4 - SQL Injection Vulnerability | S | |
| CVE-2025-49855 | WordPress Meks Flexible Shortcodes plugin <= 1.3.7 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49856 | WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
| CVE-2025-49857 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability | S | |
| CVE-2025-49858 | WordPress Arconix Shortcodes plugin <= 2.1.17 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49859 | WordPress WP Views Counter plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49861 | WordPress Kama Click Counter plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-49862 | WordPress Ebook Store plugin <= 5.8008 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49863 | WordPress Advanced Sermons plugin <= 3.6 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49864 | WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability | S | |
| CVE-2025-49865 | WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-49866 | WordPress Beautiful Cookie Consent Banner <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49867 | WordPress RealHomes <= 4.4.0 - Privilege Escalation Vulnerability | S | |
| CVE-2025-49868 | WordPress Automation By Autonami plugin <= 3.6.0 - Open Redirection Vulnerability | S | |
| CVE-2025-49869 | WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability | S | |
| CVE-2025-49870 | WordPress Paid Member Subscriptions <= 2.15.1 - SQL Injection Vulnerability | S | |
| CVE-2025-49871 | WordPress Noptin plugin <= 3.8.7 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49872 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability | S | |
| CVE-2025-49873 | WordPress Elessi <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49874 | WordPress Arconix FAQ plugin <= 1.9.6 - Broken Access Control Vulnerability | S | |
| CVE-2025-49875 | WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49876 | WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability | S | |
| CVE-2025-49877 | WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability | S | |
| CVE-2025-49878 | WordPress WPAdverts plugin <= 2.2.4 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49879 | WordPress Litho <= 3.0 - Arbitrary File Deletion Vulnerability | S | |
| CVE-2025-49880 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability | S | |
| CVE-2025-49881 | WordPress Responsive Blocks plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49882 | WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-49883 | WordPress Greenmart theme <= 4.2.3 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49884 | WordPress Internal Linking of Related Contents plugin <= 1.1.8 - Broken Access Control Vulnerability | S | |
| CVE-2025-49885 | WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability | S | |
| CVE-2025-49886 | WordPress Zikzag Core plugin <= 1.4.5 - Local File Inclusion Vulnerability | S | |
| CVE-2025-49887 | WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability | S | |
| CVE-2025-49888 | WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability | S | |
| CVE-2025-49889 | WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49890 | WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49891 | WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49892 | WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49893 | WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49894 | WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49895 | WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability | | |
| CVE-2025-49896 | WordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-49897 | WordPress Vertical scroll slideshow gallery v2 plugin <= 9.1 - SQL Injection vulnerability | | |
| CVE-2025-49898 | WordPress Dropshix plugin <= 4.0.14 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-49964 | WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49965 | WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49966 | WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49967 | WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49968 | WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49969 | WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability | | |
| CVE-2025-49970 | WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability | | |
| CVE-2025-49971 | WordPress eDS Responsive Menu plugin <= 1.2 - Broken Access Control Vulnerability | | |
| CVE-2025-49972 | WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49973 | WordPress Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes plugin <= 1.0.9 - Broken Access Control Vulnerability | | |
| CVE-2025-49974 | WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability | | |
| CVE-2025-49975 | WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49976 | WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability | | |
| CVE-2025-49977 | WordPress WP Inventory Manager plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-49978 | WordPress JobSearch plugin <= 2.9.0 - Insecure Direct Object References (IDOR) Vulnerability | | |
| CVE-2025-49979 | WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control Vulnerability | | |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability | | |
| CVE-2025-49981 | WordPress User Roles and Capabilities plugin <= 1.2.6 - Broken Access Control Vulnerability | | |
| CVE-2025-49982 | WordPress WP Customer Area plugin <= 8.2.5 - Broken Access Control Vulnerability | | |
| CVE-2025-49983 | WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability | | |
| CVE-2025-49984 | WordPress PowerPress Podcasting plugin <= 11.12.11 - Server Side Request Forgery (SSRF) Vulnerability | | |
| CVE-2025-49985 | WordPress Auto Upload Images plugin <= 3.3.2 - Server Side Request Forgery (SSRF) Vulnerability | | |
| CVE-2025-49986 | WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability | | |
| CVE-2025-49987 | WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability | | |
| CVE-2025-49988 | WordPress Contact Form 7 AWeber Extension plugin <= 0.1.38 - Broken Access Control Vulnerability | | |
| CVE-2025-49989 | WordPress App Builder plugin <= 5.5.3 - Broken Access Control Vulnerability | | |
| CVE-2025-49990 | WordPress ContentStudio plugin <= 1.3.4 - Broken Access Control Vulnerability | | |
| CVE-2025-49991 | WordPress WP-Recall plugin <= 16.26.14 - Broken Access Control Vulnerability | | |
| CVE-2025-49993 | WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability | | |
| CVE-2025-49995 | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) Vulnerability | | |
| CVE-2025-49996 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Broken Access Control Vulnerability | | |
| CVE-2025-49997 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability | | |
| CVE-2025-49998 | WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability | |