17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 12601-12650 of 17282 CVEs Page 253 of 346
CVE-2025-4855
Analyzed
9.8
WordPress Multiple Products

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in t...

2025-07-10
CVE-2025-48549
Analyzed
7.8
Unknown Multiple Products

In multiple locations, there is a possible way to record audio via a background app due to a missing permission check

2025-09-04
CVE-2025-48548
Analyzed
7.3
Unknown Multiple Products

In multiple functions of AppOpsControllerImpl

2025-09-04
CVE-2025-48546
7.8
Unknown Multiple Products

In checkPermissions of SafeActivityOptions

2025-09-05
CVE-2025-48544
7.8
Unknown Multiple Products

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection

2025-09-05
CVE-2025-48543
KEV Analyzed
8.8
Google Multiple Products

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free

2025-09-04
CVE-2025-48541
Analyzed
7.8
Unknown Multiple Products

In onCreate of FaceSettings

2025-09-04
CVE-2025-48540
Analyzed
7.8
Unknown Multiple Products

In processTransactInternal of RpcState

2025-09-04
CVE-2025-48539
Analyzed
8
SendPacketToPeer Multiple Products

In SendPacketToPeer of acl_arbiter

2025-09-04
CVE-2025-48536
Analyzed
7.8
Unknown Multiple Products

In grantAllowlistedPackagePermissions of SettingsSliceProvider

2025-12-09
CVE-2025-48535
Analyzed
7.8
Unknown Multiple Products

In assertSafeToStartCustomActivity of AppRestrictionsFragment

2025-09-04
CVE-2025-48534
8.8
Unknown Multiple Products

In getDefaultCBRPackageName of CellBroadcastHandler

2025-09-05
CVE-2025-48532
Analyzed
7.3
Unknown Multiple Products

In markMediaAsFavorite of MediaProvider

2025-09-04
CVE-2025-48531
7.8
Unknown Multiple Products

In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code

2025-09-05
CVE-2025-48530
8.1
Unknown Multiple Products

In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check

2025-09-05
CVE-2025-48525
7.8
Unknown Multiple Products

In disassociate of DisassociationProcessor

2025-12-09
CVE-2025-48523
7.8
Unknown Multiple Products

In onCreate of SelectAccountActivity

2025-09-05
CVE-2025-48522
7.8
Unknown Multiple Products

In setDisplayName of AssociationRequest

2025-09-05
CVE-2025-48510
7.1
AMD Multiple Products

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability

2025-11-25
CVE-2025-48503
7.8
AMD Software Installer

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary...

2026-02-13
CVE-2025-48498
7.5
Unknown Multiple Products

A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8

2025-07-23
CVE-2025-48431
7.5
Apache Thrift

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings

2026-04-29
CVE-2025-48429
7.4
Grassroot Multiple Products

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3

2025-12-17
CVE-2025-48397
7.1
Unknown Multiple Products

The privileged user could log in without sufficient credentials after enabling an application protocol

2025-11-04
CVE-2025-48396
Analyzed
8.3
HP Multiple Products

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS

2025-11-04
CVE-2025-48392
7.5
Apache Multiple Products

A vulnerability in Apache IoTDB

2025-09-24
CVE-2025-48384
KEV
8
Git Multiple Products

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full acce...

2025-07-10
CVE-2025-48359
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS

2025-08-28
CVE-2025-48353
Analyzed
7.1
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS

2025-08-28
CVE-2025-48351
Analyzed
7.1
PluginsPoint Kento Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS

2025-08-28
CVE-2025-48345
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button allows Refl...

2025-07-16
CVE-2025-48343
Analyzed
7.1
Aaron Axelsen WPMU Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS

2025-08-28
CVE-2025-48338
Analyzed
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-...

2025-10-23
CVE-2025-48332
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks...

2025-08-14
CVE-2025-48325
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS

2025-08-28
CVE-2025-48321
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS

2025-08-28
CVE-2025-48320
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS

2025-08-28
CVE-2025-48317
Analyzed
7.5
Intel Multiple Products

Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows Path Traversal

2025-09-05
CVE-2025-48311
Analyzed
7.1
OffClicks Invisible Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS

2025-08-28
CVE-2025-48309
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS

2025-08-28
CVE-2025-48308
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS

2025-08-28
CVE-2025-48307
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS

2025-08-28
CVE-2025-48306
Analyzed
7.1
Unknown Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS

2025-08-28
CVE-2025-48304
Analyzed
7.1
Google Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS

2025-08-28
CVE-2025-48302
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP...

2025-08-20
CVE-2025-48301
7.6
YayCommerce SMTP Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows S...

2025-07-16
CVE-2025-48300
Analyzed
9.1
HP Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affects...

2025-07-16
CVE-2025-48299
7.6
YayCommerce YayExtra Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection

2025-07-16
CVE-2025-48298
7.5
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for M...

2025-08-20
CVE-2025-48297
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflec...

2025-08-20