CVE-2026-2858 - A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of

CVE-2026-27120 - Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit

CVE-2026-27118 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Ve

CVE-2026-27113 - Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fc

CVE-2026-27112 - Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.1

CVE-2026-27111 - Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's auth

CVE-2026-27026 - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v

CVE-2026-27025 - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v

CVE-2026-27024 - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v

CVE-2026-27022 - @langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph

CVE-2026-0797 - GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi

CVE-2026-0777 - Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability all

CVE-2026-2857 - A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function su

CVE-2026-2856 - A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function

CVE-2026-27190 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulne

CVE-2026-27020 - Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malic

CVE-2026-25896 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi

CVE-2026-24892 - openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios,

CVE-2026-2855 - A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of th

CVE-2026-2854 - A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /

CVE-2026-2853 - A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the

CVE-2026-2473 - Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up

CVE-2026-2472 - Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Verte

CVE-2025-62326 - HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative use

CVE-2026-2852 - A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. T

CVE-2021-35402 - PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injec

CVE-2019-25445 - Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated

CVE-2019-25444 - Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attack

CVE-2026-2851 - A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. T

CVE-2026-2850 - A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This a

CVE-2026-2832 - Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, pote

CVE-2026-27115 - ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated com

CVE-2026-24891 - openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios,

CVE-2026-2849 - A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. A

CVE-2026-2848 - A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vuln

CVE-2026-2818 - A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows

CVE-2026-2333 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.

CVE-2026-27506 - SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user prof

CVE-2026-27505 - SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user regi

CVE-2026-27504 - SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobil

CVE-2026-27503 - SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.

CVE-2026-27502 - SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php vi

CVE-2026-26747 - A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Ho

CVE-2026-26746 - OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice

CVE-2026-26745 - OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_s

CVE-2026-26725 - An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escala

CVE-2026-26724 - Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230

CVE-2026-26723 - Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230

CVE-2026-26722 - An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attack

CVE-2026-26721 - An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attack

CVE-2026-26102 - Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation v

CVE-2026-26101 - Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation v

CVE-2026-26100 - Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation v

CVE-2026-26099 - Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration Fi

CVE-2026-26098 - Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration Fi

CVE-2026-26097 - Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration Fi

CVE-2026-26096 - Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation v

CVE-2026-26095 - Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation v

CVE-2026-26093 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.

CVE-2026-26049 - The web management interface of the device renders the passwords in a plaintext input field. The cu

CVE-2026-26048 - The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame

CVE-2026-25715 - The web management interface of the device allows the administrator username and password to be set

CVE-2026-24790 - The underlying PLC of the device can be remotely influenced, without proper safeguards or authentica

CVE-2026-24455 - The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTT

CVE-2026-1842 - HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for re

CVE-2025-70833 - An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset t

CVE-2025-15583 - A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_v

CVE-2025-15582 - A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the fun

CVE-2026-2847 - A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of t

CVE-2026-2846 - A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function

CVE-2026-27072 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24959 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24956 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24955 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24953 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitc

CVE-2026-24950 - Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allow

CVE-2026-24949 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24948 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24946 - Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce

CVE-2026-24944 - Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Co

CVE-2026-24943 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24941 - Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Inc

CVE-2026-22885 - A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow rem

CVE-2026-22384 - Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes a

CVE-2026-22383 - Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Sho

CVE-2026-22381 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22380 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22379 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22378 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22377 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22376 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22375 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22374 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22373 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22372 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22371 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22370 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22369 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22368 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22367 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22366 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22365 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22364 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22363 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22362 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22361 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22357 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22356 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22354 - Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management b

CVE-2026-22352 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22351 - Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows E

CVE-2026-22350 - Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template

CVE-2026-22346 - Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image sli

CVE-2026-22345 - Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Respo

CVE-2026-22344 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22341 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked

CVE-2026-20761 - A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow rem

CVE-2025-70831 - A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php in

CVE-2025-69410 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69409 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69408 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69407 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69406 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69405 - Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-

CVE-2025-69404 - Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object

CVE-2025-69403 - Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-

CVE-2025-69402 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69401 - Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery

CVE-2025-69400 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69399 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69398 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69397 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69396 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69395 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69394 - Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploi

CVE-2025-69393 - Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Ac

CVE-2025-69392 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69391 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69390 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69389 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69388 - Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrect

CVE-2025-69387 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69386 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69385 - Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartif

CVE-2025-69384 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69383 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69382 - Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elemen

CVE-2025-69381 - Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-pr

CVE-2025-69380 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69379 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69378 - Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdct

CVE-2025-69377 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69376 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69375 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69374 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69373 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69372 - Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object

CVE-2025-69371 - Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object

CVE-2025-69370 - Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injectio

CVE-2025-69368 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69367 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69366 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69365 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69337 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69330 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69329 - Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection

CVE-2025-69328 - Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking

CVE-2025-69326 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69325 - Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-myd

CVE-2025-69324 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69323 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69322 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69310 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69309 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69308 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69307 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69306 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69305 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69304 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69303 - Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows E

CVE-2025-69302 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69301 - Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injectio

CVE-2025-69299 - Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Reque

CVE-2025-69298 - Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configure

CVE-2025-69297 - Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting I

CVE-2025-69296 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69295 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69294 - Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Inje

CVE-2025-69063 - Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploitin

CVE-2025-69011 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68895 - Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger

CVE-2025-68880 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68863 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68862 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murt

CVE-2025-68856 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68855 - Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing jo

CVE-2025-68854 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68853 - Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Obje

CVE-2025-68852 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68848 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68847 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68846 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68845 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68844 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68843 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68842 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68841 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68837 - Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing Sys

CVE-2025-68834 - Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google She

CVE-2025-68564 - Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Ac

CVE-2025-68552 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68549 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows U

CVE-2025-68545 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68543 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68542 - Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iri

CVE-2025-68541 - Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.

CVE-2025-68539 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68536 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68534 - Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting

CVE-2025-68531 - Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Ele

CVE-2025-68526 - Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows

CVE-2025-68514 - Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptio

CVE-2025-68501 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68495 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68069 - Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C

CVE-2025-68051 - Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket a

CVE-2025-68050 - Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly C

CVE-2025-68048 - Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allo

CVE-2025-68043 - Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorre

CVE-2025-68042 - Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting I

CVE-2025-68037 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68032 - Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics

CVE-2025-68031 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68028 - Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-fo

CVE-2025-68026 - Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrect

CVE-2025-68025 - Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floa

CVE-2025-68024 - Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist al

CVE-2025-68023 - Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify

CVE-2025-68022 - Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerc

CVE-2025-68021 - Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting

CVE-2025-68005 - Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Inc

CVE-2025-68002 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100p

CVE-2025-68000 - Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting

CVE-2025-67998 - Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous El

CVE-2025-67997 - Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Objec

CVE-2025-67996 - Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.

CVE-2025-67995 - Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injec

CVE-2025-67994 - Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorre

CVE-2025-67993 - Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiti

CVE-2025-67992 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio