Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Archived Security Brief
Friday shows moderating disclosure trends as the week closes: 24 critical CVEs (down 4% from Thursday's 25) and 85 high-priority vulnerabilities (down 22% from 109). In total, 364 CVEs were recorded (down 1% versus Thursday). Current patch availability is 22% (up 3 percentage points from Thursday's 19%). CISA maintains 14 KEV vulnerabilities (unchanged from Thursday). With approximately 78% of critical items currently without vendor patches, teams should maintain focus on monitoring and compensating controls heading into the weekend.
24 critical CVEs (-4% decrease from Thursday)
85 high-priority CVEs (-22% decrease)
364 total CVEs (-1% decrease from Thursday)
22% patch availability (+3 points from Thursday)
14 CISA KEV vulnerabilities (unchanged from Thursday)
Approximately 78% of critical vulnerabilities currently lack vendor patches
Immediate action: Recommended actions: Prioritize review of the 24 critical CVEs and the 14 CISA KEV items. For issues without patches, continue applying temporary mitigations (network segmentation, access control hardening, enhanced monitoring). Ensure weekend coverage for critical systems and maintain vendor communication channels for patch timeline updates.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2022-48503
9.5
AppleMultiple Products
⏰ Federal Deadline:November 9, 2025(4 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-2746
9.5
KenticoXperience CMS
⏰ Federal Deadline:November 9, 2025(4 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-2747
9.5
KenticoXperience CMS
⏰ Federal Deadline:November 9, 2025(4 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-33073
9.5
MicrosoftWindows
⏰ Federal Deadline:November 9, 2025(4 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-61884
9.5📝
OracleE-Business Suite
⏰ Federal Deadline:November 9, 2025(4 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-61932
9.5📝
MotexLANSCOPE Endpoint Manager
⏰ Federal Deadline:November 11, 2025(6 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-54236
9.5📝
AdobeCommerce and Magento
⏰ Federal Deadline:November 13, 2025(8 days remaining)
Adobe Commerce and Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-59287
9.5📝
MicrosoftWindows
⏰ Federal Deadline:November 13, 2025(8 days remaining)
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-6204
9.5
Dassault SystèmesDELMIA Apriso
⏰ Federal Deadline:November 17, 2025(12 days remaining)
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-6205
9.5📝
Dassault SystèmesDELMIA Apriso
⏰ Federal Deadline:November 17, 2025(12 days remaining)
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-41244
9.5📝
BroadcomVMware Aria Operations and VMware Tools
⏰ Federal Deadline:November 19, 2025(14 days remaining)
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-24893
9.5
XWikiPlatform
⏰ Federal Deadline:November 19, 2025(14 days remaining)
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-48703
9.5📝
CWPControl Web Panel
⏰ Federal Deadline:November 24, 2025(19 days remaining)
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-11371
9.5
GladinetCentreStack and Triofox
⏰ Federal Deadline:November 24, 2025(19 days remaining)
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2025-6327
10📝
Unrestricted Upload of File with Dangerous Type vulnerability inMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Eleme...
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1....
CVSS Base9.8
→
CRSSelect profile
CVE-2025-12487
9.8📝
oobaboogaMultiple Products
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected ins...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-12488
9.8📝
oobaboogaMultiple Products
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected ins...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-62065
9.9
Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKitMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.
CVSS Base9.9
→
CRSSelect profile
CVE-2025-60195
9.8
Incorrect Privilege Assignment vulnerability in Vito Peleg AtarimMultiple Products
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-62064
9.8
Authentication Bypass Using an Alternate Path or Channel vulnerability inMultiple Products
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-62047
9.9
Unrestricted Upload of File with Dangerous Type vulnerability inMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through < 1.3.0.
CVSS Base9.9
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2025-60198
8.2📝
WordPressMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60199
8.2📝
WordPressMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60190
8.1📝
WordPressMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion
CVSS Base8.1
→
CRSSelect profile
CVE-2025-60191
7.5📝
Premmerce PremmerceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60192
7.5📝
Premmerce PremmerceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60194
7.5📝
Premmerce PremmerceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60203
7.5📝
Josh Kohlbach StoreMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60204
7.5📝
Josh KohlbachMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-37735
7📝
ImproperMultiple Products
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM
CVSS Base7
→
CRSSelect profile
CVE-2025-12486
8.8📝
HeimdallMultiple Products
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability
CVSS Base8.8
→
CRSSelect profile
CVE-2025-60197
8.2📝
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion
CVSS Base8.2
→
CRSSelect profile
CVE-2025-62045
8.1📝
CodexThemes TheGemMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements
CVSS Base8.1
→
CRSSelect profile
CVE-2025-62055
8.1📝
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Academist academist
CVSS Base8.1
→
CRSSelect profile
CVE-2025-62067
8.1📝
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory
CVSS Base8.1
→
CRSSelect profile
CVE-2025-64287
8.1📝
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion
CVSS Base8.1
→
CRSSelect profile
CVE-2025-62053
8
favethemes HouzezMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez
CVSS Base8
→
CRSSelect profile
CVE-2025-60074
7.5
Processby Lazy LoadMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60193
7.5
Premmerce PremmerceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60196
7.5
ClearblueMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Clearblue Clearblue® Ovulation Calculator clearblue-ovulation-calculator allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60200
7.5
ThimPress LearnPressMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60201
7.5
aguilatechnologies WPMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60202
7.5
Kyle PhillipsMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion
CVSS Base7.5
→
CRSSelect profile
CVE-2025-64173
7.5
ApolloMultiple Products
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2
CVSS Base7.5
→
CRSSelect profile
CVE-2025-62066
7.4
fuelthemes RevolutionMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution
CVSS Base7.4
→
CRSSelect profile
CVE-2025-62075
7.3
Ido KobelkowskyMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment
CVSS Base7.3
→
CRSSelect profile
CVE-2025-63588
7.1
query handling ofMultiple Products
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e
CVSS Base7.1
→
CRSSelect profile
CVE-2025-12197
7.5📝
WordPressMultiple Products
The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6
CVSS Base7.5
→
CRSSelect profile
CVE-2025-12779
8.8📝
WorkSpacesMultiple Products
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023
CVSS Base8.8
→
CRSSelect profile
CVE-2025-12384
8.6📝
WordPressMultiple Products
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2
CVSS Base8.6
→
CRSSelect profile
CVE-2025-12497
8.1📝
WordPressMultiple Products
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2
CVSS Base8.1
→
CRSSelect profile
CVE-2025-12139
7.5📝
GoogleMultiple Products
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-20343
8.6📝
CiscoMultiple Products
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly
CVSS Base8.6
→
CRSSelect profile
CVE-2025-30479
8.4📝
DellMultiple Products
Dell CloudLink, versions prior to 8
CVSS Base8.4
→
CRSSelect profile
CVE-2025-45379
8.4📝
DellMultiple Products
Dell CloudLink, versions prior to 8
CVSS Base8.4
→
CRSSelect profile
CVE-2025-43990
7.3
DellMultiple Products
Dell Command Monitor (DCM), versions prior to 10
CVSS Base7.3
→
CRSSelect profile
CVE-2025-12490
8.8
NetgateMultiple Products
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability
CVSS Base8.8
→
CRSSelect profile
CVE-2025-12790
7.4
flawMultiple Products
A flaw was found in Rubygem MQTT
CVSS Base7.4
→
CRSSelect profile
CVE-2025-62630
8.8
insufficientMultiple Products
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions
CVSS Base8.8
→
CRSSelect profile
CVE-2025-55278
8.1📝
ImproperMultiple Products
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature
CVSS Base8.1
→
CRSSelect profile
CVE-2025-54719
8.8
NooTheme YogiMultiple Products
Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection
CVSS Base8.8
→
CRSSelect profile
CVE-2025-62035
8.8
uxper TogoMultiple Products
Deserialization of Untrusted Data vulnerability in uxper Togo togo
CVSS Base8.8
→
CRSSelect profile
CVE-2025-62041
7.1
CodexThemes TheGemMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor
CVSS Base7.1
→
CRSSelect profile
CVE-2025-64196
7.1
Pluggabl BoosterMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-59171
7.5
insufficientMultiple Products
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions
CVSS Base7.5
→
CRSSelect profile
CVE-2025-10885
7.8
maliciouslyMultiple Products
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd
CVSS Base8.9
→
CRSSelect profile
CVE-2025-64109
8.8
CursorMultiple Products
Cursor is a code editor built for programming with AI
CVSS Base8.8
→
CRSSelect profile
CVE-2025-21078
8.8
UseMultiple Products
Use of insufficiently random value of secretKey in Smart Switch prior to version 3
CVSS Base8.8
→
CRSSelect profile
CVE-2023-43000
8.8
AMultiple Products
A use-after-free issue was addressed with improved memory management
CVSS Base8.8
→
CRSSelect profile
CVE-2025-12556
8.8
argumentMultiple Products
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine
CVSS Base8.8
→
CRSSelect profile
CVE-2025-12485
8.8
DevolutionsMultiple Products
Improper privilege management during pre-MFA cookie handling in Devolutions Server 2025
CVSS Base8.8
→
CRSSelect profile
CVE-2025-58423
8.8
insufficientMultiple Products
Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to cause a denial-of-service condition,
traverse directories, or read/write files, within the context of the
local system account
CVSS Base8.8
→
CRSSelect profile
CVE-2025-10907
8.4
arbitraryMultiple Products
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services
CVSS Base8.4
→
CRSSelect profile
CVE-2025-11093
8.4
MediatorMultiple Products
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines
CVSS Base8.4
→
CRSSelect profile
CVE-2025-57130
8.3
user managementMultiple Products
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13
CVSS Base8.3
→
CRSSelect profile
CVE-2025-48090
8.2
PathMultiple Products
Path Traversal: '
CVSS Base8.2
→
CRSSelect profile
CVE-2025-58207
8.2
WP Messiah Ai ImageMultiple Products
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.2
→
CRSSelect profile
CVE-2025-63307
8.1
alexusmaiMultiple Products
alexusmai laravel-file-manager 3
CVSS Base8.1
→
CRSSelect profile
CVE-2025-10622
8
flawMultiple Products
A flaw was found in Red Hat Satellite (Foreman component)
CVSS Base8
→
CRSSelect profile
CVE-2025-46404
7.5
ouvertMultiple Products
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2
CVSS Base7.5
→
CRSSelect profile
CVE-2025-46705
7.5
ouvertMultiple Products
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2
CVSS Base7.5
→
CRSSelect profile
CVE-2025-46784
7.5
ouvertMultiple Products
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2
CVSS Base7.5
→
CRSSelect profile
CVE-2025-64458
7.5
discoveredMultiple Products
An issue was discovered in 5
CVSS Base7.5
→
CRSSelect profile
CVE-2025-63248
7.5
DWSurveyMultiple Products
DWSurvey 6
CVSS Base7.5
→
CRSSelect profile
CVE-2025-62039
7.5
Ays Pro AI ChatBotMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data
CVSS Base7.5
→
CRSSelect profile
CVE-2024-25621
7.3
containerdMultiple Products
containerd is an open-source container runtime
CVSS Base7.3
→
CRSSelect profile
CVE-2025-63417
7.2
chatMultiple Products
A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023
CVSS Base7.2
→
CRSSelect profile
CVE-2025-21079
7.1
ImproperMultiple Products
Improper input validation in Samsung Members prior to version 5
CVSS Base7.1
→
CRSSelect profile
CVE-2025-61084
7.1
MailMultiple Products
MDaemon Mail Server 23
CVSS Base7.1
→
CRSSelect profile
CVE-2025-54718
7.1
NooTheme YogiMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-54721
7.1
ThimPress Resca rescaMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-54722
7.1
ImproperMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-54737
7.1
NooTheme JobmonsterMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62031
7.1
tagDiv tagDivMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62036
7.1
uxper TogoMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62040
7.1
YOP YOP PollMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YOP YOP Poll yop-poll
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62057
7.1
favethemes HouzezMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62059
7.1
BrainstormMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62074
7.1
AmauriMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62076
7.1
Ido KobelkowskyMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment
CVSS Base7.1
→
CRSSelect profile
CVE-2025-64198
7.1
appscreo Easy SocialMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-64224
7.1
ThemeGoods GrandMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-64232
7.1
icopydoc Import fromMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS
CVSS Base7.1
→
CRSSelect profile
CVE-2025-63589
7.1
reflectedMultiple Products
A reflected XSS vulnerability exists in CMSimple_XH 1