363761 matches found
CVE-2025-69124
Unauthenticated Local File Inclusion in Especio = 1.0 versions...
CVE-2025-69122
Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...
CVE-2025-69131
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69117
Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...
CVE-2025-69112
Unauthenticated Local File Inclusion in Planty = 1.14.0 versions...
CVE-2025-69114
Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...
CVE-2025-69118
Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...
CVE-2025-69113
Unauthenticated Local File Inclusion in Nexio = 1.10.0 versions...
CVE-2025-69119
Unauthenticated Local File Inclusion in Corbesier = 1.15.0 versions...
CVE-2025-69116
Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...
CVE-2025-69109
Unauthenticated Local File Inclusion in Raider Spirit = 1.1.2 versions...
CVE-2025-69103
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2025-69104
Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...
CVE-2025-69105
Unauthenticated Local File Inclusion in Modernee = 1.6.0 versions...
CVE-2025-69107
Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...
CVE-2025-69110
Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...
CVE-2025-69108
Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...
CVE-2025-59872
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...
CVE-2025-60205
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
CVE-2025-59563
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2025-60085
Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...
CVE-2025-60218
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2025-60223
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
CVE-2025-62340
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...
CVE-2025-49403
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2025-58952
Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...
CVE-2025-58953
Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...
CVE-2025-59560
Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...
CVE-2025-58924
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48643
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-58954
Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...
CVE-2025-15641
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
CVE-2025-31013
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...
CVE-2025-15642
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
CVE-2025-48571
In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-34810
Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...
CVE-2024-37210
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...
CVE-2024-37496
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...
CVE-2024-49269
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
CVE-2024-52488
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
CVE-2024-35690
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...
CVE-2024-35648
Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...
CVE-2024-33909
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...
CVE-2024-32729
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8...
CVE-2024-33685
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...
CVE-2024-31435
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...
CVE-2024-32949
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...
CVE-2024-24709
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...