17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 12451-12500 of 17282 CVEs Page 250 of 346
CVE-2025-49459
7.8
Microsoft Multiple Products

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6

2025-09-09
CVE-2025-49457
Analyzed
9.6
Microsoft Multiple Products

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

2025-08-12
CVE-2025-49438
7.2
Max Chirkov Simple Multiple Products

Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection

2025-08-20
CVE-2025-49417
Analyzed
9.8
Unknown Multiple Products

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCom...

2025-07-06
CVE-2025-49414
Analyzed
10
Unknown Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: f...

2025-07-06
CVE-2025-49407
Analyzed
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS

2025-08-28
CVE-2025-49405
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP...

2025-08-28
CVE-2025-49404
Analyzed
8.5
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo-Core allows SQL Injection

2025-08-28
CVE-2025-49401
Analyzed
9.8
HP Multiple Products

Deserialization of Untrusted Data vulnerability in ExpressTech Systems Quiz And Survey Master allows Object Injection. This issue affects Quiz And Sur...

2025-09-05
CVE-2025-49399
8.8
Basix Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery

2025-08-20
CVE-2025-49388
Analyzed
9.8
Unknown Multiple Products

Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Pl...

2025-08-28
CVE-2025-49387
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell t...

2025-08-28
CVE-2025-49383
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP L...

2025-08-28
CVE-2025-49382
Analyzed
8.8
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation

2025-08-20
CVE-2025-49381
Analyzed
9.6
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Gur...

2025-08-20
CVE-2025-49378
8.5
Themefic Hydra Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL...

2025-10-23
CVE-2025-49377
7.5
Themefic Hydra Multiple Products

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels

2025-10-22
CVE-2025-49376
7.5
DELUCKS DELUCKS SEO Multiple Products

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs

2025-10-22
CVE-2025-49371
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allo...

2025-12-19
CVE-2025-49370
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lymcoin lymcoin...

2025-12-19
CVE-2025-49369
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce...

2025-12-19
CVE-2025-49368
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladi...

2025-12-19
CVE-2025-49367
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Monyxi monyxi al...

2025-12-19
CVE-2025-49366
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani al...

2025-12-19
CVE-2025-49365
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-w...

2025-12-19
CVE-2025-49364
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise l...

2025-12-19
CVE-2025-49363
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens k...

2025-12-19
CVE-2025-49362
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioz...

2025-12-19
CVE-2025-49361
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita al...

2025-12-19
CVE-2025-49360
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology mil...

2025-12-19
CVE-2025-49359
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shie...

2025-12-19
CVE-2025-49354
7.1
Mindstien Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS

2026-01-01
CVE-2025-49353
7.1
Marcin Kijak Noindex Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS

2026-01-01
CVE-2025-49346
7.1
Peter Sterling Simple Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS

2026-01-01
CVE-2025-49345
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS

2026-01-01
CVE-2025-49344
7.1
Rene Ade Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS

2026-01-01
CVE-2025-49343
7.1
Socialprofilr Social Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS

2026-01-01
CVE-2025-49342
7.1
Wolfgang Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS

2026-01-01
CVE-2025-49302
Analyzed
10
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects...

2025-07-06
CVE-2025-49271
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge T...

2025-08-14
CVE-2025-49267
8.5
Shabti Kaplan Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allow...

2025-08-14
CVE-2025-49264
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services...

2025-08-14
CVE-2025-49201
8.1
Fortinet Multiple Products

A weak authentication in Fortinet FortiPAM 1

2025-10-14
CVE-2025-49145
8.7
Combodo Multiple Products

Combodo iTop is a web based IT service management tool

2025-11-11
CVE-2025-49113
KEV
9.5
Roundcube Webmail

RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.

2026-02-21
CVE-2025-49090
7.1
Unknown Multiple Products

The Matrix specification before 1

2025-10-02
CVE-2025-49070
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi allows PHP L...

2025-07-06
CVE-2025-49060
Analyzed
10
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue aff...

2025-10-23
CVE-2025-49059
Analyzed
9.3
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injectio...

2025-08-14
CVE-2025-49036
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addo...

2025-08-14