cve.li

Recent

CVE-2025-12598CWE-89CWE-74

SourceCodester Best House Rental Management System admin_class.php save_tenant sql injection

Published 2025-11-02 by VulDB

CVE-2025-12597CWE-89CWE-74

SourceCodester Best House Rental Management System admin_class.php save_category sql injection

Published 2025-11-02 by VulDB

CVE-2025-12596CWE-120CWE-119

Tenda AC23 saveParentControlInfo buffer overflow

Published 2025-11-02 by VulDB

CVE-2025-12595CWE-120CWE-119

Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow

Published 2025-11-02 by VulDB

CVE-2025-12594CWE-89CWE-74

code-projects Simple Online Hotel Reservation System add_account.php sql injection

Published 2025-11-02 by VulDB

CVE-2025-12593CWE-434CWE-284

code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload

Published 2025-11-02 by VulDB

CVE-2025-12603CWE-787

/etc/timezone can be Arbitrarily Written

Published 2025-11-01 by azure-access

CVE-2025-12602CWE-787

/etc/avahi/services/z9.service can be Arbitrarily Written

Published 2025-11-01 by azure-access

CVE-2025-12601CWE-730

Denial of Service Due to SlowLoris

Published 2025-11-01 by azure-access

CVE-2025-12600CWE-730

Web UI Malfunction

Published 2025-11-01 by azure-access

CVE-2025-12599CWE-321

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)

Published 2025-11-01 by azure-access

CVE-2025-36367CWE-862

IBM i is affected by a privilege escalation in IBM i SQL services

Published 2025-11-01 by ibm

CVE-2025-6988CWE-79

Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-6990CWE-94

Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution

Published 2025-11-01 by Wordfence

CVE-2025-12137CWE-73

Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

Published 2025-11-01 by Wordfence

CVE-2025-12171CWE-434

RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

Published 2025-11-01 by Wordfence

CVE-2025-11755CWE-434

Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload

Published 2025-11-01 by Wordfence

CVE-2025-10487CWE-94

Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution

Published 2025-11-01 by Wordfence

CVE-2025-11499CWE-434

Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload

Published 2025-11-01 by Wordfence

CVE-2025-6574CWE-639

Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

Published 2025-11-01 by Wordfence

CVE-2025-11502CWE-79

Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-11740CWE-89

wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection

Published 2025-11-01 by Wordfence

CVE-2025-12038CWE-863

Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

Published 2025-11-01 by Wordfence

CVE-2025-11983CWE-200

WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure

Published 2025-11-01 by Wordfence

CVE-2025-12090CWE-79

Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-12180CWE-862

Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

Published 2025-11-01 by Wordfence

CVE-2025-11927CWE-79

Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-5949CWE-639

Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password

Published 2025-11-01 by Wordfence

CVE-2025-12118CWE-79

Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema

Published 2025-11-01 by Wordfence

CVE-2025-11995CWE-79

Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-11377CWE-200

List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure

Published 2025-11-01 by Wordfence

CVE-2025-11928CWE-79

CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-12367CWE-285

SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update

Published 2025-11-01 by Wordfence

CVE-2025-11833CWE-862

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

Published 2025-11-01 by Wordfence

CVE-2025-62275CWE-863

Published 2025-11-01 by Liferay

CVE-2025-11922CWE-79

Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published 2025-11-01 by Wordfence

CVE-2025-11920CWE-98

WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Published 2025-11-01 by Wordfence

CVE-2025-11174CWE-285

Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure

Published 2025-11-01 by Wordfence

CVE-2025-11816CWE-862

Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect

Published 2025-11-01 by Wordfence

CVE-2025-62276CWE-525

Published 2025-10-31 by Liferay

Load more ↓