Total
323562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66118 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1. | ||||
| CVE-2025-14277 | 3 Bdthemes, Elementor, Wordpress | 3 Prime Slider, Elementor, Wordpress | 2025-12-19 | 4.3 Medium |
| The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-13110 | 2 Realmag777, Wordpress | 2 Huskys Products Filter Professional For Woocommerce, Wordpress | 2025-12-19 | 4.3 Medium |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to create product messenger subscriptions on behalf of arbitrary users, including administrators. | ||||
| CVE-2025-14618 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 4.3 Medium |
| The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber level access and above, to read, modify, and delete arbitrary graphs. | ||||
| CVE-2025-14437 | 2 Wordpress, Wpmudev | 2 Wordpress, Hummingbird | 2025-12-19 | 7.5 High |
| The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials. | ||||
| CVE-2023-44247 | 1 Fortinet | 1 Fortios | 2025-12-19 | 6.5 Medium |
| A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | ||||
| CVE-2025-10729 | 1 Qt | 1 Qt | 2025-12-19 | 8.6 High |
| The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | ||||
| CVE-2025-43541 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2025-12-19 | 4.3 Medium |
| A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-43501 | 2 Apple, Webkitgtk | 8 Ios, Ipados, Iphone Os and 5 more | 2025-12-19 | 4.3 Medium |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-37164 | 1 Hpe | 1 Oneview | 2025-12-19 | 10 Critical |
| A remote code execution issue exists in HPE OneView. | ||||
| CVE-2025-68491 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68490 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68489 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68488 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68487 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68486 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68485 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68484 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68483 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-54515 | 2 Amd, Arm | 4 Alveo, Versal, Cortex-a and 1 more | 2025-12-19 | N/A |
| The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state. | ||||