Skip to main content
CVE-2025-46473 HIGH This Week

Deserialization of Untrusted Data vulnerability in djjmz Social Counter allows Object Injection.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-3872 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-46502 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46499 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46478 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46449 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46234 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS.0.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39408 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard - Brute Force Login Protection allows Reflected XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39397 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39382 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-37534 HIGH This Week

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39400 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46530 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46528 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46524 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46522 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46520 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46512 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46510 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46508 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load allows Stored XSS.6.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46507 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46506 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon - Amazon Affiliate Plugin allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46504 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code allows Stored XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46497 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46492 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46466 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS.0.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46465 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS.3.155. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46457 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Custom CMS Block allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46452 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46450 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS.0.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-39381 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS.8.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-46421 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2025-32730 MEDIUM This Month

Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-46420 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-30408 MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-35965 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Server Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-0639 MEDIUM This Month

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29529 MEDIUM This Month

ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30147 MEDIUM This Month

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3280 MEDIUM This Month

The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value_filter' parameter in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46542 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46540 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46538 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS.07. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover allows DOM-Based XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46532 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip allows DOM-Based XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy