The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2025-31335 | The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures). | -- | Mar 28, 2025 | n/a |
| CVE-2025-31181 | A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31180 | A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31179 | A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31178 | A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31177 | gnuplot 6.1 is affected by heap-buffer-overflow when executing | -- | Mar 27, 2025 | n/a |
| CVE-2025-31176 | A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31165 | Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31160 | atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31141 | In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | -- | Mar 27, 2025 | n/a |
| CVE-2025-31140 | In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page | -- | Mar 27, 2025 | n/a |
| CVE-2025-31139 | In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | -- | Mar 27, 2025 | n/a |
| CVE-2025-31113 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31112 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31111 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31110 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31109 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31108 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31107 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31106 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31105 | Rejected reason: Not used | -- | Mar 27, 2025 | n/a |
| CVE-2025-31101 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0. | -- | Mar 27, 2025 | n/a |
| CVE-2025-31092 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4. | -- | Mar 28, 2025 | n/a |
| CVE-2025-31031 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS.This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30925 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30923 | Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery. This issue affects Gift Message for WooCommerce: from n/a through 1.7.8. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30922 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30921 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30920 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.7. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30919 | Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30918 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30914 | Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30912 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through 6.1.2. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30909 | Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30907 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30904 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30903 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alex Mills SyntaxHighlighter Evolved allows DOM-Based XSS. This issue affects SyntaxHighlighter Evolved: from n/a through 3.7.1. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30900 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30899 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30898 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mahdi Yousefi [MahdiY] ?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????) allows Stored XSS. This issue affects ?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????): from n/a through 4.2.3. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30897 | Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30896 | Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30895 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30894 | Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.79.262. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30893 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30891 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30890 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30888 | Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through 1.1. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30887 | Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9. | -- | Mar 27, 2025 | n/a |
| CVE-2025-30885 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Phishing. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.18.0. | -- | Mar 27, 2025 | n/a |
