Total
277614 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0481 | 2025-01-15 | 5.3 Medium | ||
| A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-1687 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 5.4 Medium |
| The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. | ||||
| CVE-2024-1686 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 5.3 Medium |
| The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII. | ||||
| CVE-2022-46812 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | ||||
| CVE-2022-46810 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | ||||
| CVE-2025-21298 | 2025-01-15 | 9.8 Critical | ||
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2025-21299 | 2025-01-15 | 7.1 High | ||
| Windows Kerberos Security Feature Bypass Vulnerability | ||||
| CVE-2025-21301 | 2025-01-15 | 6.5 Medium | ||
| Windows Geolocation Service Information Disclosure Vulnerability | ||||
| CVE-2025-22799 | 2025-01-15 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | ||||
| CVE-2025-22798 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1. | ||||
| CVE-2025-22797 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14. | ||||
| CVE-2025-22795 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through 1.5. | ||||
| CVE-2025-22793 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0. | ||||
| CVE-2025-22788 | 2025-01-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2. | ||||
| CVE-2025-22787 | 2025-01-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | ||||
| CVE-2025-22786 | 2025-01-15 | 7.5 High | ||
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | ||||
| CVE-2025-22785 | 2025-01-15 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | ||||
| CVE-2025-21302 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21303 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21304 | 2025-01-15 | 7.8 High | ||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | ||||