Total
310690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55052 | 2025-09-11 | 4.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-5500 | 2 Google, Zhenshi | 2 Android, Mibro Fit App | 2025-09-11 | 5.3 Medium |
| A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5005 | 1 Shanghai Lingdang Information Technology | 1 Lingdang Crm | 2025-09-11 | 7.3 High |
| A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-58997 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. | ||||
| CVE-2025-58990 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0. | ||||
| CVE-2025-58988 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22. | ||||
| CVE-2025-58985 | 3 Woocommerce, Wordpress, Wpfactory | 3 Woocommerce, Wordpress, Additional Custom Product Tabs For Woocommerce | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.3. | ||||
| CVE-2025-58982 | 2 Pixeline, Wordpress | 2 Email Protector, Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8. | ||||
| CVE-2025-58978 | 2 Wordpress, Wpswings | 2 Wordpress, Pdf Generator For Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | ||||
| CVE-2025-58991 | 3 Cristiano Zanca, Woocommerce, Wordpress | 3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress | 2025-09-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. | ||||
| CVE-2025-58981 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.4 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-55049 | 1 Baicells | 1 Neutrino 430 | 2025-09-11 | 9.1 Critical |
| Use of Default Cryptographic Key (CWE-1394) | ||||
| CVE-2025-55050 | 2025-09-11 | 9.8 Critical | ||
| CWE-1242: Inclusion of Undocumented Features | ||||
| CVE-2025-55047 | 2025-09-11 | 8.4 High | ||
| CWE-798 Use of Hard-coded Credentials | ||||
| CVE-2025-55051 | 2025-09-11 | 10 Critical | ||
| CWE-1392: Use of Default Credentials | ||||
| CVE-2025-55053 | 2025-09-11 | 6.5 Medium | ||
| CWE-328: Use of Weak Hash | ||||
| CVE-2025-58976 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-58979 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53. | ||||
| CVE-2025-58993 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2025-09-11 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. | ||||
| CVE-2025-55048 | 2025-09-11 | 9.8 Critical | ||
| Multiple CWE-78 | ||||