CVE-2025-13002
8.2
Farktor Software Multiple Products

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc

2026-02-13
CVE-2025-13000
Analyzed
7.7
WordPress Multiple Products

The db-access WordPress plugin through 0

2025-12-03
CVE-2025-12995
Analyzed
8.1
Unknown Multiple Products

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determin...

2025-12-05
CVE-2025-12985
8.4
IBM Multiple Products

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running...

2026-01-21
CVE-2025-12981
Analyzed
9.8
WordPress is vulnerable

The Listee theme for WordPress allows unauthenticated registration as an Administrator due to a broken validation check in the listee-core plugin's re...

2026-02-27
CVE-2025-12980
Analyzed
7.5
WordPress Multiple Products

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a m...

2025-12-21
CVE-2025-12977
Analyzed
9.1
Fluent Bit Multiple Products

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to w...

2025-11-25
CVE-2025-12974
8.1
WordPress Multiple Products

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechan...

2025-11-19
CVE-2025-12973
Analyzed
7.2
WordPress Multiple Products

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing...

2025-11-22
CVE-2025-12970
Analyzed
8.8
Docker Multiple Products

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length

2025-11-25
CVE-2025-12968
Analyzed
8.8
WordPress Multiple Products

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all vers...

2025-12-13
CVE-2025-12967
Analyzed
8
Unknown Multiple Products

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role

2025-11-11
CVE-2025-12966
Analyzed
8.8
WordPress Multiple Products

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_di...

2025-12-07
CVE-2025-12963
Analyzed
9.8
WordPress Multiple Products

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via ac...

2025-12-13
CVE-2025-12957
Analyzed
8.8
WordPress Multiple Products

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4

2026-01-16
CVE-2025-12956
8.7
Unknown Multiple Products

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Releas...

2025-12-09
CVE-2025-12955
Analyzed
7.5
WordPress Multiple Products

The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2

2025-11-19
CVE-2025-12938
7.3
Admission Multiple Products

A vulnerability was identified in projectworlds Online Admission System 1

2025-11-11
CVE-2025-12934
Analyzed
8.1
WordPress Multiple Products

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capabi...

2025-12-24
CVE-2025-12929
7.3
Unknown Multiple Products

A flaw has been found in SourceCodester Survey Application System 1

2025-11-11
CVE-2025-12928
7.3
Search Multiple Products

A vulnerability was detected in code-projects Online Job Search Engine 1

2025-11-11
CVE-2025-12925
7.3
Unknown Multiple Products

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224

2025-11-11
CVE-2025-12904
Analyzed
7.2
WordPress Multiple Products

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up...

2025-11-15
CVE-2025-12903
7.5
WordPress Multiple Products

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-b...

2025-11-14
CVE-2025-12886
7.2
WordPress is vulnerable

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6

2026-03-29
CVE-2025-12882
Analyzed
9.8
WordPress is vulnerable

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated users to register themselves with the 'admi...

2026-02-20
CVE-2025-12879
Analyzed
8.8
WordPress Multiple Products

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1

2025-12-06
CVE-2025-12871
Analyzed
9.8
Unknown Multiple Products

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access toke...

2025-11-13
CVE-2025-12870
Analyzed
9.8
Unknown Multiple Products

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain...

2025-11-13
CVE-2025-12868
Analyzed
9.8
Unknown Multiple Products

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the...

2025-11-11
CVE-2025-12867
Analyzed
7.2
HP Multiple Products

EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell ba...

2025-11-11
CVE-2025-12866
Analyzed
9.8
Unknown Multiple Products

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attackers to predict or brute-...

2025-11-11
CVE-2025-12865
Analyzed
8.8
Microsoft Multiple Products

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to...

2025-11-11
CVE-2025-12864
Analyzed
8.8
Microsoft Multiple Products

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to...

2025-11-11
CVE-2025-12863
7.5
Unknown Multiple Products

A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library

2025-11-08
CVE-2025-12851
Analyzed
8.1
WordPress Multiple Products

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3

2025-12-06
CVE-2025-12850
Analyzed
7.5
WordPress Multiple Products

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3

2025-12-06
CVE-2025-12846
8.8
WordPress Multiple Products

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2

2025-11-13
CVE-2025-12845
8.8
WordPress is vulnerable

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data th...

2026-02-20
CVE-2025-12844
Analyzed
7.1
HP Multiple Products

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3

2025-11-14
CVE-2025-12840
7.8
Academy Multiple Products

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2025-12-24
CVE-2025-12839
7.8
Academy Multiple Products

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

2025-12-24
CVE-2025-12835
Analyzed
7.3
WordPress Multiple Products

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as su...

2025-12-14
CVE-2025-12824
Analyzed
8.8
WordPress Multiple Products

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-12-13
CVE-2025-12821
8.8
WordPress is vulnerable

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0

2026-02-20
CVE-2025-12819
7.5
PgBouncer Multiple Products

Untrusted search path in auth_query connection handler in PgBouncer before 1

2025-12-03
CVE-2025-12816
Analyzed
8.6
Unknown Multiple Products

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1

2025-11-26
CVE-2025-12805
8.1
Red Hat OpenShift AI

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator

2026-03-28
CVE-2025-12790
7.4
Unknown Multiple Products

A flaw was found in Rubygem MQTT

2025-11-06
CVE-2025-12779
Analyzed
8.8
Linux Multiple Products

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023

2025-11-06