Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2025-32138
|
N/A |
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17.
|
04 Apr 2025
|
|
|
CVE-2025-32137
|
N/A |
Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This issue affects s2Member: from n/a through 250214.
|
04 Apr 2025
|
|
|
CVE-2025-32136
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16.
|
04 Apr 2025
|
|
|
CVE-2025-32135
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3.
|
04 Apr 2025
|
|
|
CVE-2025-32134
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4.
|
04 Apr 2025
|
|
|
CVE-2025-32133
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.5.1.
|
04 Apr 2025
|
|
|
CVE-2025-32132
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Stored XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.
|
04 Apr 2025
|
|
|
CVE-2025-32131
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents allows Stored XSS. This issue affects Social Intents: from n/a through 1.6.14.
|
04 Apr 2025
|
|
|
CVE-2025-32130
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.2.0.
|
04 Apr 2025
|
|
|
CVE-2025-32129
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4.
|
04 Apr 2025
|
|
|
CVE-2025-32127
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7.
|
04 Apr 2025
|
|
|
CVE-2025-32126
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.
|
04 Apr 2025
|
|
|
CVE-2025-32125
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through 3.0.1.
|
04 Apr 2025
|
|
|
CVE-2025-32124
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
|
04 Apr 2025
|
|
|
CVE-2025-32122
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9.
|
04 Apr 2025
|
|
|
CVE-2025-32121
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.3.
|
04 Apr 2025
|
|
|
CVE-2025-32120
|
N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.
|
04 Apr 2025
|
|
|
CVE-2025-32118
|
N/A |
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
|
04 Apr 2025
|
|
|
CVE-2025-32113
|
N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9.
|
04 Apr 2025
|
|
|
CVE-2025-32112
|
N/A |
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8.
|
04 Apr 2025
|
|
|
CVE-2025-25178
|
N/A |
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
|
04 Apr 2025
|
|
|
CVE-2025-0468
|
N/A |
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.
|
04 Apr 2025
|
|
|
CVE-2025-3253
|
MEDIUM |
A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
04 Apr 2025
|
|
|
CVE-2025-3252
|
MEDIUM |
A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
04 Apr 2025
|
|
|
CVE-2025-3251
|
MEDIUM |
A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
04 Apr 2025
|
CVE-2025-32138
N/A
04 Apr 2025
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17.
CVE-2025-32137
N/A
04 Apr 2025
Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This issue affects s2Member: from n/a through 250214.
CVE-2025-32136
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16.
CVE-2025-32135
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3.
CVE-2025-32134
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4.
CVE-2025-32133
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.5.1.
CVE-2025-32132
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Stored XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.
CVE-2025-32131
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents allows Stored XSS. This issue affects Social Intents: from n/a through 1.6.14.
CVE-2025-32130
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.2.0.
CVE-2025-32129
N/A
04 Apr 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4.
CVE-2025-32127
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7.
CVE-2025-32126
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.
CVE-2025-32125
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through 3.0.1.
CVE-2025-32124
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
CVE-2025-32122
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9.
CVE-2025-32121
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.3.
CVE-2025-32120
N/A
04 Apr 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4.
CVE-2025-32118
N/A
04 Apr 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVE-2025-32113
N/A
04 Apr 2025
Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9.
CVE-2025-32112
N/A
04 Apr 2025
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8.
CVE-2025-25178
N/A
04 Apr 2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
CVE-2025-0468
N/A
04 Apr 2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.
CVE-2025-3253
MEDIUM
04 Apr 2025
A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3252
MEDIUM
04 Apr 2025
A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3251
MEDIUM
04 Apr 2025
A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Page 277 of 696
Page 277 of 696