6.1

CVSS3.1

CVE-2025-55757 - Extension - virtuemart.net - XSS in VirtueMart component 1.0.0 - 4.4.10 for Joomla

A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.

πŸ“… Published: Oct. 25, 2025, 6:34 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

2.1

CVSS4.0

CVE-2025-12221 - CSRF Token not Properly Implemented

Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:57 p.m. πŸ”„ Last Modified: Nov. 7, 2025, 2:08 a.m.

10

CVSS4.0

CVE-2025-12220 - Busybox 1.31.1 - Multiple Known Vulnerabilities

Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:53 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3 p.m.

10

CVSS4.0

CVE-2025-12219 - Vulnerable Components in Azure Access OS

Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:51 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3:02 p.m.

10

CVSS4.0

CVE-2025-12218 - Weak Default Credentials

Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:47 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3:03 p.m.

6.9

CVSS4.0

CVE-2025-12217 - SNMP Default Community String (public)

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:39 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3:03 p.m.

10

CVSS4.0

CVE-2025-12216 - Malicious / Malformed App can be Installed but not Uninstalled

Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 25, 2025, 3:33 p.m. πŸ”„ Last Modified: Nov. 10, 2025, 3:04 p.m.

6.4

CVSS3.1

CVE-2025-11897 - The7 β€” Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross…

The The7 β€” Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜ the7_fancy_title_css’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authe…

πŸ“… Published: Oct. 25, 2025, 12:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-11875 - SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…

πŸ“… Published: Oct. 25, 2025, 6:49 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-11976 - FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, Act…

The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the save_…

πŸ“… Published: Oct. 25, 2025, 6:49 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 345149
Page 2881 of 34,515
Β« previous page Β» next page
Filters