Total
310357 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58124 | 1 Checkmk | 1 Checkmk | 2025-08-29 | N/A |
| Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | ||||
| CVE-2025-9654 | 2025-08-29 | 6.3 Medium | ||
| A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve this issue. The patch is named cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component. | ||||
| CVE-2025-53215 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. | ||||
| CVE-2025-53220 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1. | ||||
| CVE-2025-53224 | 2025-08-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12. | ||||
| CVE-2025-53243 | 2025-08-29 | 8.1 High | ||
| Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3. | ||||
| CVE-2025-53244 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4. | ||||
| CVE-2025-53247 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8. | ||||
| CVE-2025-53250 | 2025-08-29 | 6.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat allows Server Side Request Forgery. This issue affects Chartbeat: from n/a through 2.0.7. | ||||
| CVE-2025-53289 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0. | ||||
| CVE-2025-53337 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | ||||
| CVE-2025-53576 | 2025-08-29 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ovatheme Events allows PHP Local File Inclusion. This issue affects Ovatheme Events: from n/a through 1.2.8. | ||||
| CVE-2025-53579 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a. | ||||
| CVE-2025-48362 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | ||||
| CVE-2025-48363 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. | ||||
| CVE-2025-54716 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5. | ||||
| CVE-2025-49383 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3. | ||||
| CVE-2025-49407 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1. | ||||
| CVE-2025-54724 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. | ||||