Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 253568 entries
IDDescriptionPriorityModified date
CVE-2025-24594 Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. -- Jan 24, 2025
CVE-2025-24593 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8. -- Jan 27, 2025
CVE-2025-24591 Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. -- Jan 24, 2025
CVE-2025-24590 Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0. -- Jan 27, 2025
CVE-2025-24589 Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0. -- Jan 24, 2025
CVE-2025-24588 Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1. -- Jan 24, 2025
CVE-2025-24587 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Blind SQL Injection. This issue affects Email Subscription Popup: from n/a through 1.2.23. -- Jan 24, 2025
CVE-2025-24585 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.9.7. -- Jan 24, 2025
CVE-2025-24584 Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0. -- Jan 27, 2025
CVE-2025-24582 Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through 3.16.5. -- Jan 24, 2025
CVE-2025-24580 Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. -- Jan 24, 2025
CVE-2025-24579 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.9. -- Jan 24, 2025
CVE-2025-24578 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0. -- Jan 24, 2025
CVE-2025-24576 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7. -- Feb 3, 2025
CVE-2025-24575 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HelloAsso HelloAsso allows Stored XSS. This issue affects HelloAsso: from n/a through 1.1.11. -- Jan 24, 2025
CVE-2025-24574 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader allows Reflected XSS. This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through 2.6.9. -- Feb 3, 2025
CVE-2025-24573 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pagelayer Team PageLayer allows DOM-Based XSS. This issue affects PageLayer: from n/a through 1.9.4. -- Jan 24, 2025
CVE-2025-24572 Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258. -- Jan 24, 2025
CVE-2025-24571 Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258. -- Jan 24, 2025
CVE-2025-24570 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Atarim Atarim allows Stored XSS. This issue affects Atarim: from n/a through 4.0.8. -- Jan 24, 2025
CVE-2025-24569 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. -- Feb 3, 2025
CVE-2025-24568 Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates allows Cross Site Request Forgery. This issue affects Starter Templates: from n/a through 4.4.9. -- Jan 24, 2025
CVE-2025-24563 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeGlow Cleanup – Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through 1.0.4. -- Jan 31, 2025
CVE-2025-24562 Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS. This issue affects KBucket: from n/a through 4.1.6. -- Jan 24, 2025
CVE-2025-24561 Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. -- Jan 24, 2025
CVE-2025-24560 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Awesome TOGI Awesome Event Booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through 2.7.1. -- Jan 31, 2025
CVE-2025-24559 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0. -- Feb 3, 2025
CVE-2025-24557 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in plainware.com PlainInventory allows Reflected XSS. This issue affects PlainInventory: from n/a through 3.1.5. -- Feb 3, 2025
CVE-2025-24556 Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4. -- Feb 3, 2025
CVE-2025-24555 Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows Stored XSS. This issue affects Subscription DNA: from n/a through 2.1. -- Jan 24, 2025
CVE-2025-24552 Generation of Error Message Containing Sensitive Information vulnerability in David de Boer Paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through 4.4.11. -- Jan 24, 2025
CVE-2025-24551 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in OneTeamSoftware Radio Buttons and Swatches for WooCommerce allows Reflected XSS. This issue affects Radio Buttons and Swatches for WooCommerce: from n/a through 1.1.20. -- Jan 31, 2025
CVE-2025-24549 Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta allows Reflected XSS. This issue affects Post Meta: from n/a through 1.0.9. -- Jan 31, 2025
CVE-2025-24547 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through 0.0.10. -- Jan 24, 2025
CVE-2025-24546 Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. -- Jan 24, 2025
CVE-2025-24545 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BannerSky.com BSK Forms Validation allows Reflected XSS. This issue affects BSK Forms Validation: from n/a through 1.7. -- Feb 3, 2025
CVE-2025-24544 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1. -- Feb 3, 2025
CVE-2025-24543 Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. -- Jan 24, 2025
CVE-2025-24542 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31. -- Jan 24, 2025
CVE-2025-24541 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Emili Castells DK White Label allows Reflected XSS. This issue affects DK White Label: from n/a through 1.0. -- Feb 3, 2025
CVE-2025-24540 Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9. -- Jan 27, 2025
CVE-2025-24538 Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10. -- Jan 27, 2025
CVE-2025-24537 Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0. -- Jan 27, 2025
CVE-2025-24536 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThriveDesk ThriveDesk allows Reflected XSS. This issue affects ThriveDesk: from n/a through 2.0.6. -- Feb 3, 2025
CVE-2025-24535 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SKT Themes SKT Donation allows Reflected XSS. This issue affects SKT Donation: from n/a through 1.9. -- Jan 31, 2025
CVE-2025-24534 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Emili Castells DPortfolio allows Reflected XSS. This issue affects DPortfolio: from n/a through 2.0. -- Jan 31, 2025
CVE-2025-24533 Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0. -- Jan 27, 2025
CVE-2025-24528 In MIT krb5 release 1.7 and later with incremental propagation -- Jan 30, 2025
CVE-2025-24527 An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant\'s 128-bit connector GUID, they can execute debug commands on that connector. -- Feb 6, 2025
CVE-2025-24507 This vulnerability allows appliance compromise at boot time. -- Feb 5, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online