Search Results (334037 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-71331 1 Flowiseai 1 Flowise 2026-06-22 6.1 Medium
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
CVE-2019-25763 2 Ultimatebeaver, Wordpress 2 Ultimate Addons For Beaver Builder, Wordpress 2026-06-22 9.8 Critical
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
CVE-2025-71357 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-06-22 8.1 High
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
CVE-2023-45795 1 Pilz 2 Pasvisu, Pmi V8xx 2026-06-22 7.8 High
A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device.
CVE-2022-50972 2 Woocommerce, Wordpress 2 Woocommerce, Wordpress 2026-06-22 9.8 Critical
WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type values to write malicious PHP files to the web root.
CVE-2025-32436 1 Significant-gravitas 1 Autogpt 2026-06-22 N/A
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video and audio in a temporary directory without deleting them before all nodes are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `AddAudioToVideoBlock` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputting the result. When a malicious user chooses to screenshot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
CVE-2025-10560 1 Silver Leaf Technologies 1 Worksnaps 2026-06-21 N/A
Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.
CVE-2024-49269 2 Mythemes, Wordpress 2 My Flatonica, Wordpress 2026-06-20 7.1 High
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2024-52488 2 Wordpress, Zidithemes 2 Wordpress, Grip 2026-06-20 9.9 Critical
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
CVE-2025-59560 2 Sonaar Music, Wordpress 2 Sonaar, Wordpress 2026-06-20 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2025-59563 2 Sonaar Music, Wordpress 2 Sonaar, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-60205 2 Themerex, Wordpress 2 Themerex Addons, Wordpress 2026-06-20 9.8 Critical
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
CVE-2025-60218 2 Wordpress, Wplocker 2 Wordpress, Pt Luxa Addons 2026-06-20 9.9 Critical
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
CVE-2025-60223 2 Quantumcloud, Wordpress 2 Wpbot Pro Wordpress Chatbot, Wordpress 2026-06-20 7.7 High
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
CVE-2025-69110 2 Themerex, Wordpress 2 Airsupply, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
CVE-2025-69129 2 Extendons, Wordpress 3 Wordpress & Woocommerce Scraper Plugin, Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress 2026-06-20 10 Critical
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69135 2 Curlythemes, Wordpress 2 Events Schedule - Wordpress Events Calendar Plugin, Wordpress 2026-06-20 8.5 High
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2025-69138 2 Jthemes, Wordpress 2 Genemy, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
CVE-2025-69161 2 Themerex, Wordpress 2 Snowy, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
CVE-2025-69171 2 Themerex, Wordpress 2 Orpheus, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.