Total
323475 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2025-12-19 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-14860 | 1 Mozilla | 1 Firefox | 2025-12-19 | N/A |
| Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1. | ||||
| CVE-2025-68278 | 1 Tina | 1 Tinacms | 2025-12-19 | N/A |
| Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue. | ||||
| CVE-2025-64282 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1. | ||||
| CVE-2025-14861 | 1 Mozilla | 1 Firefox | 2025-12-19 | 8.8 High |
| Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1. | ||||
| CVE-2025-14277 | 3 Bdthemes, Elementor, Wordpress | 3 Prime Slider, Elementor, Wordpress | 2025-12-19 | 4.3 Medium |
| The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-62960 | 2 Sparkle Wp, Wordpress | 2 Construction Light, Wordpress | 2025-12-19 | 5.4 Medium |
| Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7. | ||||
| CVE-2025-1029 | 1 Utarit | 1 Soliclub | 2025-12-19 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-13110 | 2 Realmag777, Wordpress | 2 Huskys Products Filter Professional For Woocommerce, Wordpress | 2025-12-19 | 4.3 Medium |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to create product messenger subscriptions on behalf of arbitrary users, including administrators. | ||||
| CVE-2025-14618 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 4.3 Medium |
| The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber level access and above, to read, modify, and delete arbitrary graphs. | ||||
| CVE-2025-14744 | 2 Apple, Mozilla | 2 Ios, Firefox For Ios | 2025-12-19 | 6.5 Medium |
| Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. | ||||
| CVE-2025-62961 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 5.4 Medium |
| Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9. | ||||
| CVE-2025-7047 | 1 Utarit | 1 Soliclub | 2025-12-19 | 4.3 Medium |
| Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-64355 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2025-12-19 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through 2.7.12. | ||||
| CVE-2025-63002 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 5.3 Medium |
| Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0. | ||||
| CVE-2025-14437 | 2 Wordpress, Wpmudev | 2 Wordpress, Hummingbird | 2025-12-19 | 7.5 High |
| The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials. | ||||
| CVE-2025-14884 | 1 D-link | 1 Dir-605 | 2025-12-19 | 7.2 High |
| A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-14877 | 1 Campcodes | 1 Supplier Management System | 2025-12-19 | 7.3 High |
| A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-63043 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2025-12-19 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19. | ||||
| CVE-2025-66058 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2025-12-19 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17. | ||||