17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 12651-12700 of 17282 CVEs Page 254 of 346
CVE-2025-48296
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore allows Reflected XSS

2025-08-20
CVE-2025-48293
Analyzed
9.8
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows...

2025-08-14
CVE-2025-48291
7.1
Wasiliy Strecker Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Cont...

2025-07-16
CVE-2025-4828
Analyzed
9.8
WordPress Multiple Products

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete functio...

2025-07-10
CVE-2025-4822
Analyzed
9.8
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allo...

2025-07-25
CVE-2025-48208
8.8
Apache Multiple Products

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat

2025-09-10
CVE-2025-48171
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store allows PHP...

2025-08-20
CVE-2025-48170
7.1
LambertGroup Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for...

2025-08-20
CVE-2025-48169
Analyzed
9.9
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Cod...

2025-08-20
CVE-2025-48168
7.1
LambertGroup Apollo Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Au...

2025-08-20
CVE-2025-48165
8.8
DELUCKS DELUCKS SEO Multiple Products

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO allows Privilege Escalation

2025-08-20
CVE-2025-48164
8.8
Brainstorm Multiple Products

Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation

2025-08-20
CVE-2025-48163
7.1
LambertGroup SHOUT Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads...

2025-08-20
CVE-2025-48162
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro allow...

2025-08-20
CVE-2025-48161
7.6
YayCommerce YaySMTP Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection

2025-07-16
CVE-2025-48160
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris allows PHP...

2025-08-20
CVE-2025-48159
7.1
LambertGroup Youtube Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slid...

2025-08-20
CVE-2025-48158
8.6
Alex Githatu Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field al...

2025-08-20
CVE-2025-48157
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allo...

2025-08-20
CVE-2025-48154
7.1
LambertGroup Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon fo...

2025-08-20
CVE-2025-48153
7.1
Atakan Au Import Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS

2025-07-16
CVE-2025-48152
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst allows Reflected XSS

2025-08-20
CVE-2025-48151
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows R...

2025-08-20
CVE-2025-48149
Analyzed
8.1
HP Multiple Products

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP L...

2025-08-20
CVE-2025-48148
Analyzed
10
Unknown Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue...

2025-08-20
CVE-2025-48142
8.8
Saad Iqbal Bookify Multiple Products

Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation

2025-08-20
CVE-2025-48109
Analyzed
7.1
Xavier Media Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS

2025-08-28
CVE-2025-48107
7.1
Unknown Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode allows Reflected XSS

2025-09-26
CVE-2025-48106
Analyzed
10
Unknown Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanor...

2025-10-23
CVE-2025-48101
Analyzed
8.8
WordPress Multiple Products

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection

2025-09-09
CVE-2025-48100
Analyzed
9.1
Unknown Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy Store Integrator allows Remote Code Inclusion. This is...

2025-08-28
CVE-2025-48091
8.5
Alexander AnyComment Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injec...

2025-10-23
CVE-2025-48090
8.2
Path Multiple Products

Path Traversal: '

2025-11-06
CVE-2025-48082
7.5
Progress Planner Multiple Products

Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation

2025-10-22
CVE-2025-48065
8.8
Combodo Multiple Products

Combodo iTop is a web based IT service management tool

2025-11-11
CVE-2025-48055
8.5
Combodo Multiple Products

Combodo iTop is a web based IT service management tool

2025-11-11
CVE-2025-48008
7.5
Unknown Multiple Products

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker...

2025-10-16
CVE-2025-48006
Analyzed
8.2
Intel Multiple Products

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4

2025-09-29
CVE-2025-48005
Analyzed
9.8
Unknown Multiple Products

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819...

2025-08-25
CVE-2025-47998
8.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network

2025-07-08
CVE-2025-47987
7.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47986
8.8
Unknown Multiple Products

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally

2025-07-08
CVE-2025-47985
7.8
Microsoft Multiple Products

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47982
7.8
Microsoft Multiple Products

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47981
Analyzed
9.8
Microsoft Multiple Products

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

2025-07-08
CVE-2025-47976
7.8
Microsoft Multiple Products

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47973
7.8
Unknown Multiple Products

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally

2025-07-10
CVE-2025-47972
8
Microsoft Multiple Products

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorize...

2025-07-10
CVE-2025-47971
7.8
Unknown Multiple Products

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally

2025-07-10
CVE-2025-4796
Analyzed
8.8
WordPress Multiple Products

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4

2025-08-08