Search

Search Results (333967 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68872 2 Eli, Wordpress 2 Eli's Wordcents Adsense Widget With Analytics, Wordpress 2026-06-23 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
CVE-2025-69332 2 Mycred, Wordpress 2 Bookify, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
CVE-2025-10262 1 Nokia 1 Sr Linux 2026-06-23 6.3 Medium
Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.
CVE-2025-9912 1 Nokia 1 Nokia Sr Linux 2026-06-23 6.3 Medium
Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.
CVE-2026-10093 2 Deepakkite, Wordpress 2 Secure Client Portal And Private File Sharing Plugin – User Private Files, Wordpress 2026-06-23 6.4 Medium
The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-68045 2 Arraytics, Wordpress 2 Wp Event Solution, Wordpress 2026-06-23 7.5 High
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
CVE-2024-39575 1 Dell 1 Dell Emc Vxrail Appliance 2026-06-23 7.4 High
update_disk_psu_baseline.sh requires password in plain text
CVE-2026-10303 1 Serverco 1 Getssl 2026-06-23 7.4 High
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can supply ACME challenge responses to getssl (for example, a malicious or compromised CA endpoint, or an on-path adversary able to tamper with that response path) could exploit this to achieve unauthorized file write/path traversal effects, usually with elevated privileges, ultimately allowing for remote command injection. This issue appears related in spirit to CVE-2023-38198, and is an instance of CWE-73, "External control of file name or path." Other ACME shell script handlers may be affected by similar issues.
CVE-2025-58924 2 Themerex Group, Wordpress 2 Geya, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
CVE-2025-60085 2 Themerex Group, Wordpress 2 Learnify, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
CVE-2025-69103 2 Utillz, Wordpress 2 Brikk, Wordpress 2026-06-23 7.5 High
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
CVE-2025-69104 2 Jkdevstudio, Wordpress 2 Qreatix, Wordpress 2026-06-23 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-69107 2 Themerex, Wordpress 2 Rosaleen, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
CVE-2025-69108 2 Themerex, Wordpress 2 Hot Coffee, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69109 2 Themerex, Wordpress 2 Raider Spirit, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
CVE-2025-69119 2 Themerex, Wordpress 2 Corbesier, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69121 2 Themerex, Wordpress 2 Deliciosa, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69122 2 Themerex, Wordpress 2 Seafood Company, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-69125 2 Themerex, Wordpress 2 Food Drop, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69131 2 Extendons, Wordpress 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress 2026-06-23 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.