The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-26819 | Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. | -- | Feb 15, 2025 |
CVE-2025-26816 | A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. | -- | Mar 20, 2025 |
CVE-2025-26803 | The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method. | -- | Feb 24, 2025 |
CVE-2025-26796 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | Mar 24, 2025 |
CVE-2025-26794 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. | -- | Feb 22, 2025 |
CVE-2025-26793 | The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the vulnerable systems are not following manufacturers' recommendations to change the default password. | -- | Feb 15, 2025 |
CVE-2025-26791 | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). | -- | Feb 14, 2025 |
CVE-2025-26789 | An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment. | -- | Feb 14, 2025 |
CVE-2025-26788 | StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction. | -- | Feb 15, 2025 |
CVE-2025-26779 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0. | -- | Feb 16, 2025 |
CVE-2025-26778 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1. | -- | Feb 17, 2025 |
CVE-2025-26776 | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. | -- | Feb 22, 2025 |
CVE-2025-26775 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4. | -- | Feb 17, 2025 |
CVE-2025-26774 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0. | -- | Feb 22, 2025 |
CVE-2025-26773 | Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0. | -- | Feb 17, 2025 |
CVE-2025-26772 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.8. | -- | Feb 17, 2025 |
CVE-2025-26771 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.7. | -- | Feb 17, 2025 |
CVE-2025-26770 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.0. | -- | Feb 17, 2025 |
CVE-2025-26769 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0. | -- | Feb 17, 2025 |
CVE-2025-26768 | Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15. | -- | Feb 16, 2025 |
CVE-2025-26767 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12. | -- | Feb 16, 2025 |
CVE-2025-26766 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8. | -- | Feb 16, 2025 |
CVE-2025-26765 | Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. | -- | Feb 16, 2025 |
CVE-2025-26764 | Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. | -- | Feb 22, 2025 |
CVE-2025-26763 | Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.94.0. | -- | Feb 22, 2025 |
CVE-2025-26762 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 9.7.0. | -- | Mar 27, 2025 |
CVE-2025-26761 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5. | -- | Feb 16, 2025 |
CVE-2025-26760 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder allows PHP Local File Inclusion. This issue affects Calculator Builder: from n/a through 1.6.2. | -- | Feb 22, 2025 |
CVE-2025-26759 | Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5. | -- | Feb 16, 2025 |
CVE-2025-26758 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1. | -- | Feb 17, 2025 |
CVE-2025-26757 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer allows PHP Local File Inclusion. This issue affects FULL Customer: from n/a through 3.1.26. | -- | Feb 22, 2025 |
CVE-2025-26756 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips allows Stored XSS. This issue affects Magic the Gathering Card Tooltips: from n/a through 3.5.0. | -- | Feb 22, 2025 |
CVE-2025-26755 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9. | -- | Feb 16, 2025 |
CVE-2025-26754 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS. This issue affects Timeline Block: from n/a through 1.1.1. | -- | Feb 17, 2025 |
CVE-2025-26753 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2. | -- | Feb 25, 2025 |
CVE-2025-26752 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2. | -- | Feb 25, 2025 |
CVE-2025-26751 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination allows Reflected XSS. This issue affects Alphabetic Pagination: from n/a through 3.2.1. | -- | Feb 25, 2025 |
CVE-2025-26750 | Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through 3.1.3. | -- | Feb 22, 2025 |
CVE-2025-26747 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS. This issue affects RainbowNews: from n/a through 1.0.7. | -- | Mar 27, 2025 |
CVE-2025-26742 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS. This issue affects Gallery for Social Photo: from n/a through 1.0.0.35. | -- | Mar 25, 2025 |
CVE-2025-26739 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS. This issue affects newseqo: from n/a through 2.1.1. | -- | Mar 27, 2025 |
CVE-2025-26738 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS. This issue affects Quick Interest Slider: from n/a through 3.1.3. | -- | Mar 27, 2025 |
CVE-2025-26737 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS. This issue affects City Store: from n/a through 1.4.5. | -- | Mar 27, 2025 |
CVE-2025-26736 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS. This issue affects MorningTime Lite: from n/a through 1.3.2. | -- | Mar 27, 2025 |
CVE-2025-26734 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS. This issue affects Hester: from n/a through 1.1.10. | -- | Mar 27, 2025 |
CVE-2025-26733 | Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8. | -- | Mar 27, 2025 |
CVE-2025-26732 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS. This issue affects StoreBiz: from n/a through 1.0.32. | -- | Mar 27, 2025 |
CVE-2025-26731 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS. This issue affects ARPrice: from n/a through 4.1.3. | -- | Mar 27, 2025 |
CVE-2025-26708 | There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service. | -- | Mar 7, 2025 |
CVE-2025-26707 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | -- | Mar 11, 2025 |