Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

197953 entries
| ID | Description | Priority | Modified date | Fixed Release |
| --- | --- | --- | --- | --- |
| CVE-2025-22827 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joomag. WP Joomag allows DOM-Based XSS. This issue affects WP Joomag: from n/a through 2.5.2. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22826 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS. This issue affects Sell Digital Downloads: from n/a through 2.2.7. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22824 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS. This issue affects Live Flight Radar: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22823 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS. This issue affects Genesis Style Shortcodes: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22822 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bishawjit Das wp custom countdown allows Stored XSS. This issue affects wp custom countdown: from n/a through 2.8. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22821 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vfthemes StorePress allows DOM-Based XSS. This issue affects StorePress: from n/a through 1.0.12. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22820 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Walmsley VR Views allows Stored XSS. This issue affects VR Views: from n/a through 1.5.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22819 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS. This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22818 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S3Bubble S3Player – WooCommerce & Elementor Integration allows Stored XSS. This issue affects S3Player – WooCommerce & Elementor Integration: from n/a through 4.2.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22817 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS. This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22815 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS. This issue affects Button Block: from n/a through 1.1.6. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22814 | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery. This issue affects Zephyr Admin Theme: from n/a through 1.4.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22813 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS. This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS. This issue affects MT Addons for Elementor: from n/a through 1.0.6. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22810 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS. This issue affects Content Blocks Builder: from n/a through 2.7.6. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22809 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS. This issue affects PDF Catalog Woocommerce: from n/a through 2.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22808 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma \| Premium WP allows DOM-Based XSS. This issue affects Surbma \| Premium WP: from n/a through 9.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22807 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS. This issue affects Responsive Flickr Slideshow: from n/a through 2.6.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22806 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22805 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePoints Skill Bar allows Stored XSS. This issue affects Skill Bar: from n/a through 1.2. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22804 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.23. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22803 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS. This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22802 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS. This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22801 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS. This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv allows Reflected XSS. This issue affects Mailing Group Listserv: from n/a through 2.0.9. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22594 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder – Sándor Fodor Better User Shortcodes allows Reflected XSS. This issue affects Better User Shortcodes: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22561 | Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Title Experiments Free: from n/a through 9.0.4. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22542 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection. This issue affects Virtual Bot: from n/a through 1.0.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22540 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection. This issue affects Emailing Subscription: from n/a through 1.4.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22539 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables allows Reflected XSS. This issue affects Custom DataBase Tables: from n/a through 2.1.34. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22537 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route allows SQL Injection. This issue affects Google Maps Travel Route: from n/a through 1.3.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22535 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jonathan Kern WPListCal allows SQL Injection. This issue affects WPListCal: from n/a through 1.3.5. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22527 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 2.0.9. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22521 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS. This issue affects wp Hosting Performance Check: from n/a through 2.18.8. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22510 | Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection. This issue affects WC Price History for Omnibus: from n/a through 2.1.4. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22508 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through 1.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22505 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection. This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22504 | Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through 0.2.18. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22449 | Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the allow_open_invite field via making their team public. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22445 | Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22361 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS. This issue affects Opentracker Analytics: from n/a through 1.3. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22345 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS. This issue affects TS Comfort DB: from n/a through 2.0.7. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22331 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS. This issue affects Cf7Save Extension: from n/a through 1. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22330 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS. This issue affects MG Parallax Slider: from n/a through 1.0.. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22313 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22307 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS. This issue affects Product Table for WooCommerce: from n/a through 3.5.6. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22295 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through 8.0.5. | -- | Jan 9, 2025 | n/a |
| CVE-2025-22215 | VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with Organization Member access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network. | -- | Jan 8, 2025 | n/a |
| CVE-2025-22151 | Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | -- | Jan 9, 2025 | n/a |
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.