4.3
CVE-2024-45354 - Xiaomi shop application WebView has code execution vulnerability
A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
4.3
CVE-2024-45353 - Quick App has intent redirection vulnerability
An intent redirection vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers to perform intent redirection.
0.0
CVE-2025-2845 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.4
CVE-2025-2685 - TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scr…
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
9.8
CVE-2025-2332 - Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers…
5.5
CVE-2025-0273 - HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File v…
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
6.9
CVE-2025-31165 - Cross Site Scripting in NightWolf Penetration Platform
Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature.
5.3
CVE-2025-2835 - zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remo…
6.9
CVE-2025-2833 - zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the …
5.3
CVE-2025-2832 - mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit ha…