Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4731 | 1 Ladipage | 1 Ladipage | 2025-01-15 | 4.3 Medium |
| The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts, | ||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-01-15 | 7.5 High |
| Outlook for Android Information Disclosure Vulnerability | ||||
| CVE-2024-26203 | 1 Microsoft | 1 Azure Data Studio | 2025-01-15 | 7.3 High |
| Azure Data Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-21088 | 2025-01-15 | 6.5 Medium | ||
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input. | ||||
| CVE-2025-21229 | 2025-01-15 | 6.6 Medium | ||
| Windows Digital Media Elevation of Privilege Vulnerability | ||||
| CVE-2025-21189 | 2025-01-15 | 4.3 Medium | ||
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21273 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-23073 | 2025-01-15 | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension. | ||||
| CVE-2025-22968 | 2025-01-15 | N/A | ||
| An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions | ||||
| CVE-2025-22799 | 2025-01-15 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | ||||
| CVE-2025-22798 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1. | ||||
| CVE-2025-22797 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14. | ||||
| CVE-2025-22795 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through 1.5. | ||||
| CVE-2025-22793 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0. | ||||
| CVE-2025-22788 | 2025-01-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2. | ||||
| CVE-2025-22787 | 2025-01-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | ||||
| CVE-2025-22786 | 2025-01-15 | 7.5 High | ||
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | ||||
| CVE-2025-22785 | 2025-01-15 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | ||||
| CVE-2025-22784 | 2025-01-15 | 8.6 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.This issue affects Background Control: from n/a through 1.0.5. | ||||
| CVE-2025-22782 | 2025-01-15 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | ||||