4.3

CVSS3.1

CVE-2025-3851 - Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Su…

The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit…

📅 Published: May 7, 2025, 1:43 a.m. 🔄 Last Modified: May 7, 2025, 2:13 p.m.

5.3

CVSS3.1

CVE-2025-2821 - Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding con…

📅 Published: May 7, 2025, 1:43 a.m. 🔄 Last Modified: April 8, 2026, 4:41 p.m.

6.5

CVSS3.1

CVE-2025-3853 - WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber…

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and ab…

📅 Published: May 7, 2025, 1:43 a.m. 🔄 Last Modified: July 13, 2025, 11:31 a.m.

5.4

CVSS3.1

CVE-2025-3218 - IBM i improper certificate validation

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access t…

📅 Published: May 7, 2025, 1:10 a.m. 🔄 Last Modified: Sept. 1, 2025, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-29448

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: Jan. 28, 2026, 5:45 p.m.

4.5

CVSS3.1

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: June 23, 2025, 7:31 p.m.

5.8

CVSS3.1

CVE-2025-47423

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: June 23, 2025, 7:31 p.m.

6.1

CVSS3.1

CVE-2025-29746

Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: June 16, 2025, 7:37 p.m.

5.4

CVSS3.1

CVE-2025-29153

SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export and filters functions.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: July 9, 2025, 1:30 a.m.

6.5

CVSS3.1

CVE-2025-45514

Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function frmL7ImForm.

📅 Published: May 7, 2025, midnight 🔄 Last Modified: May 27, 2025, 2:22 p.m.