Skip to main content
CVE-2025-48241 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS.9.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47680 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS.12.06. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47678 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47673 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS.1.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47618 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Reflected XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47613 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47611 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-47458 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS.0.7.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46537 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46526 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46515 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46487 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS.net: from n/a through 0.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46456 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46448 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS.24. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46446 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46440 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS.7.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46437 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form allows Reflected XSS.2.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39505 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39502 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32285 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher allows Reflected XSS.40. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31636 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-46488 HIGH This Week

Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-43860 HIGH POC This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD GitHub
CVSS 3.1
7.6
EPSS
0.9%
CVE-2025-32794 HIGH POC This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-24917 HIGH This Month

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass Privilege Escalation Nessus Network Monitor +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24916 HIGH This Month

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Nessus Network Monitor Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-1123 HIGH This Month

The Solid Mail - SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-3893 HIGH This Month

While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-36527 HIGH This Month

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2024-13945 HIGH This Month

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
8.4
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy