Total
294566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29967 | 2025-05-17 | 8.8 High | ||
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29966 | 2025-05-17 | 8.8 High | ||
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29964 | 2025-05-17 | 8.8 High | ||
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29960 | 2025-05-17 | 6.5 Medium | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-29959 | 2025-05-17 | 6.5 Medium | ||
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-29825 | 2025-05-17 | 6.5 Medium | ||
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-26684 | 2025-05-17 | 6.7 Medium | ||
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26646 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-05-17 | 8 High |
| External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2024-10568 | 1 Wp-dreams | 1 Ajax Search | 2025-05-17 | 4.7 Medium |
| The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-4809 | 2025-05-17 | 8.8 High | ||
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10518 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-4804 | 2025-05-17 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. | ||||
| CVE-2024-10517 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-4805 | 2025-05-17 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1. | ||||
| CVE-2024-10499 | 1 Meowapps | 1 Ai Engine | 2025-05-17 | 7.2 High |
| The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2025-4810 | 2025-05-17 | 8.8 High | ||
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11972 | 1 Themehunk | 1 Hunk Companion | 2025-05-17 | 9.8 Critical |
| The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed. | ||||
| CVE-2024-11842 | 1 Digireturn | 1 Shipping By Weight For Woocommerce | 2025-05-17 | 4.3 Medium |
| The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-4811 | 2025-05-17 | 7.3 High | ||
| A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11841 | 1 Jordangillman | 1 Tithe.ly Giving Button | 2025-05-17 | 5.4 Medium |
| The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||