Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID   Description   Priority   Modified date
CVE-2025-25145 Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. -- Feb 7, 2025
CVE-2025-25144 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. -- Feb 7, 2025
CVE-2025-25143 Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. -- Feb 7, 2025
CVE-2025-25141 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0. -- Feb 7, 2025
CVE-2025-25140 Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. -- Feb 7, 2025
CVE-2025-25139 Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0. -- Feb 7, 2025
CVE-2025-25138 Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. -- Feb 7, 2025
CVE-2025-25136 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. -- Feb 7, 2025
CVE-2025-25135 Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. -- Feb 7, 2025
CVE-2025-25128 Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0. -- Feb 7, 2025
CVE-2025-25126 Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1. -- Feb 7, 2025
CVE-2025-25125 Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7. -- Feb 7, 2025
CVE-2025-25123 Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. -- Feb 7, 2025
CVE-2025-25120 Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. -- Feb 7, 2025
CVE-2025-25117 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. -- Feb 7, 2025
CVE-2025-25116 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3. -- Feb 7, 2025
CVE-2025-25111 Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. -- Feb 7, 2025
CVE-2025-25110 Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. -- Feb 7, 2025
CVE-2025-25107 Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. -- Feb 7, 2025
CVE-2025-25106 Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. -- Feb 7, 2025
CVE-2025-25105 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. -- Feb 7, 2025
CVE-2025-25104 Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. -- Feb 7, 2025
CVE-2025-25103 Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. -- Feb 7, 2025
CVE-2025-25101 Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7. -- Feb 7, 2025
CVE-2025-25098 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2. -- Feb 7, 2025
CVE-2025-25097 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. -- Feb 7, 2025
CVE-2025-25096 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. -- Feb 7, 2025
CVE-2025-25095 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. -- Feb 7, 2025
CVE-2025-25094 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4. -- Feb 7, 2025
CVE-2025-25093 Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7. -- Feb 7, 2025
CVE-2025-25091 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7. -- Feb 7, 2025
CVE-2025-25088 Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5. -- Feb 7, 2025
CVE-2025-25085 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. -- Feb 7, 2025
CVE-2025-25082 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2. -- Feb 7, 2025
CVE-2025-25081 Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. -- Feb 7, 2025
CVE-2025-25080 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. -- Feb 7, 2025
CVE-2025-25079 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2. -- Feb 7, 2025
CVE-2025-25078 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0. -- Feb 7, 2025
CVE-2025-25077 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3. -- Feb 7, 2025
CVE-2025-25076 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2. -- Feb 7, 2025
CVE-2025-25075 Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0. -- Feb 7, 2025
CVE-2025-25074 Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1. -- Feb 7, 2025
CVE-2025-25073 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1. -- Feb 7, 2025
CVE-2025-25072 Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0. -- Feb 7, 2025
CVE-2025-25071 Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2. -- Feb 7, 2025
CVE-2025-25069 A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if Host: or POST appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue. -- Feb 7, 2025
CVE-2025-25066 nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c. -- Feb 3, 2025
CVE-2025-25065 SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. -- Feb 4, 2025
CVE-2025-25064 SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata. -- Feb 6, 2025
CVE-2025-25063 An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting. -- Feb 3, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.