Cat Runner\ CVEs and Security Vulnerabilities

Search

Expected end of text, found ':' (at char 6), (line:1, col:7)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (312135 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-60127	2 Artistscope, Wordpress	2 Copysafe Web Protection, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3.
CVE-2025-60154	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jennifer Moss MWW Disclaimer Buttons allows Stored XSS. This issue affects MWW Disclaimer Buttons: from n/a through 3.41.
CVE-2025-60165	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
CVE-2025-60171	3 Woocommerce, Wordpress, Yourplugins	3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
CVE-2025-60113	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through 1.4.3.
CVE-2025-60167	3 Elementor, Honzat, Wordpress	3 Elementor, Page Manager For Elementor, Wordpress	2025-09-29	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
CVE-2025-60146	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages allows Stored XSS. This issue affects Map Categories to Pages: from n/a through 1.3.2.
CVE-2025-60158	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Stored XSS. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60149	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Ott Notely allows Stored XSS. This issue affects Notely: from n/a through 1.8.0.
CVE-2025-60161	1 Wordpress	1 Wordpress	2025-09-29	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through 2.3.9.
CVE-2025-60159	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60129	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3.
CVE-2025-60114	1 Wordpress	1 Wordpress	2025-09-29	6.6 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2.
CVE-2025-60128	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3.
CVE-2025-60142	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5.
CVE-2025-60124	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox allows Stored XSS. This issue affects Simple Colorbox: from n/a through 1.6.1.
CVE-2025-60136	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2.
CVE-2025-60143	2 Netgsm, Wordpress	2 Netgsm, Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58.
CVE-2025-60172	1 Wordpress	1 Wordpress	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
CVE-2025-11016	1 Kalcaddle	1 Kodbox	2025-09-29	4.3 Medium
A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

« first previous Page 46 of 15607. next last »