Skip to main content
CVE-2025-31924 HIGH This Week

Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object Injection.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-47492 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal.4.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2025-47690 HIGH This Week

Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-47631 HIGH This Week

Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation.0(20 through 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-47461 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse.6.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-34873 HIGH This Week

On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2022-31812 HIGH This Week

A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Sipass Integrated
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-41377 HIGH This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-47535 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal.2.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-47512 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal.21.14. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-47575 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-47478 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection.9.5.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-46463 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection.0.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-41407 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2025-39536 HIGH This Week

Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels.6. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-46458 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows SQL Injection.0.3.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi CSRF
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-48292 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion.3.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-47672 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion.2.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-47670 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-47453 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion.1.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-47438 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion.3.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-46474 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion.2.23. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-46444 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion.88. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-39506 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-39494 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-39490 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32309 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion.0.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32302 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex allows PHP Local File Inclusion.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32294 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan allows PHP Local File Inclusion.3.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32289 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi allows PHP Local File Inclusion.0.52. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32286 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher allows PHP Local File Inclusion.40. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31913 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami allows PHP Local File Inclusion.53. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31912 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31633 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31632 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31064 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion.1.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31060 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion.0.40. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-31053 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal.0.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-47671 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-46454 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords &amp; Description allows PHP Local File Inclusion.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-48273 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-47603 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-47541 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data.17.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-47558 HIGH This Week

Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs.6.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-48286 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS.1209. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-48245 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-48241 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS.9.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47680 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS.12.06. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47678 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47673 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS.1.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy