Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23952 | 2025-03-26 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget allows PHP Local File Inclusion. This issue affects custom-field-list-widget: from n/a through 1.5.1. | ||||
| CVE-2025-26544 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound UTM tags tracking for Contact Form 7 allows Reflected XSS. This issue affects UTM tags tracking for Contact Form 7: from n/a through 2.1. | ||||
| CVE-2025-26546 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Cookies Pro allows Reflected XSS. This issue affects Cookies Pro: from n/a through 1.0. | ||||
| CVE-2025-26559 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Secure Invites allows Reflected XSS. This issue affects Secure Invites: from n/a through 1.3. | ||||
| CVE-2025-23964 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Plus allows Reflected XSS. This issue affects Google Plus: from n/a through 1.0.2. | ||||
| CVE-2025-26560 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Contact Form III allows Reflected XSS. This issue affects WP Contact Form III: from n/a through 1.6.2d. | ||||
| CVE-2025-26564 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce allows Reflected XSS. This issue affects GNUCommerce: from n/a through 1.5.4. | ||||
| CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 7.1 High |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | ||||
| CVE-2025-24690 | 2025-03-26 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.7. | ||||
| CVE-2025-26584 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound TBTestimonials allows Reflected XSS. This issue affects TBTestimonials: from n/a through 1.7.3. | ||||
| CVE-2025-26929 | 2025-03-26 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NOUS Ouvert Utile et Simple Accounting for WooCommerce allows Stored XSS.This issue affects Accounting for WooCommerce: from n/a through 1.6.8. | ||||
| CVE-2025-26923 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows Stored XSS.This issue affects Event post: from n/a through 5.9.8. | ||||
| CVE-2025-25134 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Theme Demo Bar allows Reflected XSS. This issue affects Theme Demo Bar: from n/a through 1.6.3. | ||||
| CVE-2025-26922 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart allows Stored XSS.This issue affects AuraMart: from n/a through 2.0.7. | ||||
| CVE-2025-26869 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3. | ||||
| CVE-2025-26747 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7. | ||||
| CVE-2025-26739 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1. | ||||
| CVE-2025-27553 | 1 Apache | 1 Commons Vfs | 2025-03-26 | 7.5 High |
| Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. | ||||
| CVE-2022-34389 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 3.7 Low |
| Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. | ||||
| CVE-2022-34392 | 1 Dell | 1 Supportassist For Home Pcs | 2025-03-26 | 5.5 Medium |
| SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. | ||||