The CVE-2025-29455 vulnerability allows a remote attacker to access sensitive information through the "Travel Ideas" function in the Personal Management System version 1.4.65.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which can be used for malicious purposes, potentially leading to data breaches, identity theft, or other security threats.
The CVE-2025-29454 vulnerability allows a remote attacker to obtain sensitive information by exploiting an issue in the Upload function of the Personal Management System version 1.4.65.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which can lead to data breaches, identity theft, and other malicious activities, compromising the confidentiality and security of the affected system and its users.
This vulnerability allows a remote attacker to access sensitive information in Seo Panel 4.11.0 by exploiting a weakness in the Proxy Manager component.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which can be used for malicious purposes, potentially leading to data breaches, identity theft, or other security threats.
This vulnerability in Seo Panel 4.11.0 allows a remote attacker to access sensitive information through the Mail Setting component, potentially exposing confidential data.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which could be used for malicious purposes, such as identity theft, phishing, or other cyber attacks, compromising the security and privacy of the affected system and its users.
This vulnerability allows a remote attacker to access sensitive information through the site settings component in twonav version 2.1.18-20241105.
This is a problem because it enables unauthorized access to confidential data, which could lead to security breaches, data theft, or other malicious activities.
This vulnerability in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information by exploiting the link identification function.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which could lead to data breaches, identity theft, or other malicious activities, compromising the security and confidentiality of the affected system or organization.
This vulnerability allows an attacker to upload any file to the system without restriction by manipulating the "Avatar" argument in the /edit-photo.php file of the SourceCodester Web-based Pharmacy Product Management System 1.0.
This is a problem because it enables attackers to upload malicious files, such as viruses or backdoors, to the system, potentially leading to a takeover of the system, data theft, or other malicious activities, all of which can be initiated remotely.
This vulnerability allows an attacker to upload files without restrictions to the SourceCodester Web-based Pharmacy Product Management System 1.0 by manipulating the "Avatar" argument in the /edit-product.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as malware or backdoors, to the system, potentially leading to unauthorized access, data breaches, or disruption of service.
The HCL MyXalytics system has a weakness in its SSL/TLS protocol, making it vulnerable to BREACH and LUCKY13 attacks, which can allow attackers to intercept and decrypt encrypted data or inject malicious code.
This vulnerability is a problem because it can enable attackers to steal sensitive information, compromise the security of the system, and potentially gain unauthorized access to confidential data.
This vulnerability allows an attacker to overflow a buffer in the Password Handler component of the SourceCodester Phone Management System 1.0 by manipulating a specific argument, potentially leading to unauthorized access or code execution.
This vulnerability is a problem because it can be exploited by an attacker with local access to the system, potentially allowing them to gain control or disrupt the system, and the exploit has been made public, making it more likely to be used by malicious actors.
The CVE-2025-3762 vulnerability allows an attacker to overflow a buffer in the PCMan FTP Server 2.0.7 by manipulating the MPUT Command Handler, which can be done remotely.
This vulnerability is a problem because it can be exploited by attackers to potentially execute arbitrary code, gain unauthorized access, or disrupt the server, leading to data breaches, system compromise, or denial-of-service attacks.
The CVE-2025-29316 vulnerability allows an attacker with physical access to exploit an issue in the DataPatrol Screenshot watermark, printing watermark agent version 3.5.2.0, potentially giving them access to sensitive information.
This vulnerability is a problem because it could enable an unauthorized person to obtain confidential data, which could lead to data breaches, identity theft, or other malicious activities, especially if the attacker is in close physical proximity to the affected system.
This vulnerability allows an attacker to trick an authenticated user into performing unintended actions on a Commercify v1.0 system by exploiting a lack of protection against Cross-Site Request Forgery (CSRF) attacks on sensitive endpoints.
This is a problem because it enables attackers to hijack authenticated user sessions, potentially leading to unauthorized data modification, theft, or other malicious activities, which can compromise the security and integrity of the system and its data.
This vulnerability allows an attacker to delete any article title on a flaskBlog website by sending a specially crafted POST request to the /post/{postTitle} component, even if the article was created by another user.
This vulnerability is a problem because it enables unauthorized users to maliciously delete content created by others, potentially disrupting the integrity and availability of information on the website, and undermining the trust of its users.
This vulnerability allows an attacker to inject malicious SQL code into the Dietiqa App's progress-body-weight.php endpoint through the 'u' parameter, potentially giving them unauthorized access to sensitive database information.
This vulnerability is a problem because it could allow attackers to extract, modify, or delete sensitive data, disrupt the application's functionality, or even gain control of the entire database, leading to serious security breaches and data losses.
The CVE-2025-26269 vulnerability allows authenticated users to crash the DragonflyDB daemon by executing a specific Lua library command that references a large negative integer, resulting in a denial of service.
This vulnerability is a problem because it enables malicious users to intentionally disrupt the service, causing downtime and potentially leading to data loss or other security issues, even if they have authenticated access to the system.
This vulnerability allows authenticated users to crash the DragonflyDB daemon by sending a specifically crafted Redis command, due to a lack of validation on the scan cursor.
This vulnerability is a problem because it enables malicious users to intentionally disrupt the service, causing a denial of service and potentially leading to system downtime, data loss, or other security issues.
The Tenda AC10 V4.0si_V16.03.10.20 router has a vulnerability that allows a buffer overflow attack when the AdvSetMacMtuWan function is used with the wanMTU2 parameter, potentially enabling an attacker to execute malicious code.
This vulnerability is a problem because it could allow an attacker to gain control of the router, leading to unauthorized access to the network, data theft, or disruption of internet services, which can compromise the security and privacy of users.
The Tenda AC10 router, version V4.0si_V16.03.10.20, has a buffer overflow vulnerability in the AdvSetMacMtuWan function, which can be triggered through the wanSpeed2 parameter, allowing an attacker to potentially execute arbitrary code.
This vulnerability is a problem because it could allow an attacker to crash the router, gain unauthorized access, or take control of the device, which could lead to further malicious activities such as data theft, malware distribution, or disruption of network services.
The CVE-2024-55211 vulnerability allows attackers to bypass authentication on Think Router Tk-Rt-Wr135G V3.0.2-X000 devices by using a specially crafted cookie, potentially giving them unauthorized access to the router.
This vulnerability is a problem because it enables attackers to gain access to the router without a password, allowing them to modify settings, steal sensitive information, or use the router as a launch point for further attacks on the network.
The Pycel vulnerability allows an attacker to execute code on a system by crafting a malicious formula in a spreadsheet cell, potentially leading to unauthorized actions such as executing system commands.
This vulnerability is a problem because it enables attackers to run arbitrary code on a system, which can result in data theft, system compromise, or other malicious activities, especially when operating on untrusted spreadsheets.
CVE-2021-47671 is a memory leak vulnerability in the Linux kernel, specifically in the es58x_rx_err_msg() function of the etas_es58x CAN driver module. When an error occurs, the function fails to free a previously allocated socket buffer (skb), causing a memory leak.
This vulnerability is a problem because it can lead to memory exhaustion over time, potentially causing the system to become unstable or even crash. An attacker could exploit this vulnerability to disrupt system operations or gain unauthorized access.
The CVE-2021-47670 vulnerability is a "use after free" bug in the Linux kernel, specifically in the peak_usb component. This occurs when the `peak_usb_netif_rx_ni(skb)` function is called, and then the `skb` (socket buffer) is accessed again, which is unsafe because the memory it points to has already been freed.
This vulnerability is a problem because it can cause the system to crash or behave unexpectedly, potentially leading to a denial-of-service (DoS) condition. Additionally, in some cases, it may be possible for an attacker to exploit this vulnerability to execute arbitrary code or escalate privileges.
CVE-2021-47669 is a use-after-free bug in the Linux kernel's vxcan module, where the kernel accesses memory that has already been freed after calling a specific network function, potentially causing errors or crashes.
This vulnerability is a problem because it can lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code, compromising the security and integrity of the system.
CVE-2021-47668 is a use-after-free bug in the Linux kernel that occurs when the network interface receives a packet (skb) and then accesses the packet's memory after it has been freed.
This vulnerability is a problem because it allows for potential data corruption or crashes, as the kernel is trying to access memory that has already been released. This could lead to instability or security issues in systems that rely on the affected Linux kernel.
The CVE-2020-36789 vulnerability is a bug in the Linux kernel that occurs when a driver calls the can_get_echo_skb() function during a hardware IRQ, potentially triggering a warning and risking a NULL pointer dereference due to the incorrect call to kfree_skb() instead of dev_kfree_skb_irq().
This vulnerability is a problem because it can cause network congestion and potentially lead to system crashes or instability, particularly in environments where the CAN (Controller Area Network) stack is used, such as in automotive or industrial control systems.
This vulnerability allows a crafted XML document or schema to cause a heap-based buffer underflow in the libxml2 library, specifically when validating an XML document against a schema with certain identity constraints or when using a crafted XML schema.
This vulnerability is a problem because it can potentially be exploited by attackers to execute arbitrary code, crash systems, or disclose sensitive information, which could lead to security breaches and data compromise.
This vulnerability allows a malicious actor to use a specific OS command to elevate their privileges and gain root access to the host operating system on IBM i 7.6, due to incorrect profile swapping.
This is a problem because it enables an attacker to gain unrestricted access to the system, potentially allowing them to steal sensitive data, disrupt operations, or install malware, which can lead to significant financial and reputational damage.
This vulnerability allows an unauthenticated attacker to execute system code on a LandChat server from a remote location, giving them control over the system.
This is a problem because it enables an attacker to access and manipulate the system without needing any credentials, potentially leading to data breaches, system compromise, and other malicious activities.
The CVE-2025-29661 vulnerability allows for Remote Code Execution (RCE) in the Litepubl CMS version 7.0.9 and earlier, specifically in the admin/service/run component, enabling an attacker to execute malicious code on the affected system.
This vulnerability is a problem because it gives attackers the ability to run arbitrary code on the vulnerable system, potentially leading to unauthorized access, data breaches, and system compromise, which can have severe consequences for the security and integrity of the affected system and its data.
This vulnerability allows an attacker to inject malicious SQL code into the FOXCMS system through the 'title' parameter in the /admin/util/Field.php file, potentially giving them unauthorized access to sensitive database information.
This SQL injection vulnerability is a problem because it can enable attackers to extract, modify, or delete sensitive data, disrupt database operations, or even gain control of the entire system, leading to serious security breaches and potential data losses.
This vulnerability allows an attacker to inject malicious SQL code into the database of a FOXCMS installation (version 1.25 or earlier) through the installdb.php file, by manipulating the url_prefix, domain, and my_website parameters.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to unauthorized access, data breaches, or disruption of the application.
The CVE-2025-29039 vulnerability allows a remote attacker to execute arbitrary code on the D-Link DIR 832 router, specifically through the function 0x41dda8, potentially giving them control over the device.
This vulnerability is a problem because it enables unauthorized access and control of the router, which can lead to a range of malicious activities such as data theft, malware distribution, and disruption of network services.
The CVE-2024-40124 vulnerability allows an attacker to inject malicious code into the Pydio Core application via the New URL Bookmark feature, potentially leading to Cross Site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute arbitrary code on the application, which can result in unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the system.
The CVE-2025-43015 vulnerability allows remote interpreters in JetBrains RubyMine versions before 2025.1 to overwrite ports, making the application listen on all interfaces, potentially exposing it to unauthorized access.
This vulnerability is a problem because it could allow attackers to access and manipulate the application from any interface, potentially leading to data breaches, unauthorized code execution, or other malicious activities, especially since it affects remote interpreters which may be used in collaborative or cloud-based development environments.
The JetBrains Toolbox App SSH plugin establishes connections without sufficient user confirmation, allowing unauthorized access to occur before version 2.6.
This vulnerability is a problem because it enables potential attackers to establish connections without the user's knowledge or explicit consent, which could lead to unauthorized data access or malicious activities.
The JetBrains Toolbox App, prior to version 2.6, allows unencrypted transmission of credentials during SSH authentication, potentially exposing sensitive information.
This vulnerability is a problem because it enables attackers to intercept and access sensitive credentials, such as passwords or private keys, which could lead to unauthorized access to systems, data breaches, or other malicious activities.
The CVE-2025-43012 vulnerability allows for command injection in the SSH plugin of JetBrains Toolbox App versions before 2.6, enabling an attacker to execute unauthorized commands.
This vulnerability is a problem because it can give an attacker control over a user's system, allowing them to access sensitive data, install malware, or disrupt system operations, which can lead to significant security breaches and data losses.
The JetBrains Toolbox App, prior to version 2.6, has a vulnerability in its SSH plugin where it fails to verify the host key, allowing a potential man-in-the-middle attack.
This vulnerability is a problem because it allows an attacker to intercept and manipulate sensitive data, potentially leading to unauthorized access, data theft, or other malicious activities, all while appearing to be a legitimate connection.
The CVE-2025-39596 vulnerability allows attackers to exploit weak authentication in Quentn WP, enabling them to escalate their privileges and gain unauthorized access to sensitive areas of the system.
This vulnerability is a significant problem because it can be used by attackers to bypass normal security controls, gain elevated access, and potentially steal or modify sensitive data, leading to serious security breaches and damage.
This vulnerability allows an attacker to inject malicious SQL code into the Quentn WP application, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it could allow an attacker to extract, modify, or delete sensitive data, leading to a significant security breach and potential financial or reputational damage.
The CVE-2025-39594 vulnerability allows an attacker to inject malicious code into web pages generated by the Bob Arigato Autoresponder and Newsletter, enabling Reflected Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it can be exploited by attackers to steal user data, take control of user sessions, or perform other malicious actions, potentially compromising the security and privacy of users interacting with the affected system.
The CVE-2025-39588 vulnerability allows an attacker to inject malicious objects into the Ultimate Store Kit Elementor Addons through deserialization of untrusted data, potentially leading to unauthorized access and control.
This vulnerability is a problem because it enables attackers to execute arbitrary code, leading to a complete takeover of the affected system, and potentially allowing them to steal sensitive data, disrupt service, or spread malware, due to its high severity score of 9.8.
The CVE-2025-39587 vulnerability allows an attacker to inject malicious SQL code into the Stylemix Cost Calculator Builder, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can lead to unauthorized data access, modification, or deletion, and can also be used to escalate privileges, allowing attackers to take control of the affected system, which can have severe consequences for the security and integrity of the data.
The CVE-2025-39586 vulnerability allows an attacker to inject malicious SQL code into the Metagauss ProfileGrid database, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it could allow an attacker to extract, modify, or delete sensitive data, leading to a significant security breach and potentially compromising user information.
The CVE-2025-39583 vulnerability allows unauthorized access to berthaai BERTHA AI due to missing authorization, exploiting incorrectly configured access control security levels in versions 1.12.10.2 and earlier.
This vulnerability is a problem because it enables unauthorized users to gain access to sensitive areas of the BERTHA AI system, potentially leading to data breaches, tampering, or other malicious activities, which can compromise the security and integrity of the system.
The CVE-2025-39580 vulnerability allows unauthorized access to certain functionalities in the jidaikobo Dashi system, which are not properly restricted by access control lists (ACLs).
This vulnerability is a problem because it enables malicious users to access and potentially exploit sensitive features or data that they should not have permission to access, which can lead to security breaches and data compromise.
The CVE-2025-39569 vulnerability allows an attacker to inject malicious SQL code into Taskbuilder, enabling them to access and manipulate sensitive data without being detected, due to the improper neutralization of special elements used in SQL commands.
This vulnerability is a problem because it can lead to unauthorized access to sensitive data, modification of database records, and potentially even complete control over the database, resulting in significant security breaches and data losses.
The CVE-2025-39568 vulnerability allows an attacker to access files and directories outside of the intended restricted directory in the Arture B.V. StoreContrl Woocommerce plugin, due to improper limitation of pathname restrictions.
This vulnerability is a problem because it enables attackers to potentially read, modify, or delete sensitive files, leading to unauthorized access, data breaches, and system compromises, which can have serious consequences for the security and integrity of the affected system.
The CVE-2025-39567 vulnerability allows an attacker to inject malicious code into a web page via a reflected Cross-site Scripting (XSS) attack, exploiting the improper neutralization of input during web page generation in the Shamalli Web Directory Free.
This vulnerability is a problem because it enables attackers to execute malicious scripts on a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities, affecting users of the Shamalli Web Directory Free version 1.7.8 and earlier.
The CVE-2025-39562 vulnerability allows an attacker to inject malicious code into the Payment Form for PayPal Pro, enabling Stored Cross-site Scripting (XSS) attacks, which can be stored on the website and executed when other users access the page.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, and perform unauthorized actions on behalf of the user, potentially leading to financial loss, identity theft, and other malicious activities.
The CVE-2025-39559 vulnerability allows unauthorized access to certain features in the Bring Fraktguiden for WooCommerce plugin due to missing authorization checks, potentially allowing exploitation of incorrectly configured access control security levels.
This vulnerability is a problem because it can enable malicious actors to access sensitive areas of the plugin without proper clearance, potentially leading to data breaches, unauthorized modifications, or other security incidents, compromising the integrity and confidentiality of the affected system.
The CVE-2025-39558 vulnerability allows an attacker to inject malicious code into a web page generated by CRM Perks, enabling Reflected Cross-site Scripting (XSS) attacks. This occurs due to improper neutralization of user input during web page generation.
This vulnerability is a problem because it enables attackers to trick users into executing malicious code, potentially leading to unauthorized access, data theft, or other malicious activities. The severity of 7.1 indicates a significant risk, making it essential to address this issue promptly.
The CVE-2025-39554 vulnerability allows unauthorized access to the AI Text to Speech feature in RelyWP due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions up to 3.0.3.
This vulnerability is a problem because it enables unauthorized users to access and potentially manipulate the AI Text to Speech feature, which could lead to security breaches, data leaks, or other malicious activities, compromising the integrity and confidentiality of the system.
The CVE-2025-39551 vulnerability allows an attacker to inject malicious objects into the Mahmudul Hasan Arif FluentBoards system by deserializing untrusted data, potentially leading to unauthorized access and control.
This vulnerability is a significant problem because it can enable attackers to execute arbitrary code, steal sensitive data, or disrupt the system's functionality, resulting in severe consequences due to its high severity score of 9.8.
The CVE-2025-39550 vulnerability allows an attacker to inject malicious objects into the Shahjahan Jewel FluentCommunity system by exploiting a deserialization of untrusted data flaw, potentially leading to unauthorized access and control.
This vulnerability is a significant problem because it can enable attackers to execute malicious code, steal sensitive data, or disrupt the system's functionality, posing a substantial risk to the security and integrity of the affected system, with a severity score of 9.8 indicating a critical threat.
The CVE-2025-39542 vulnerability allows an attacker to escalate their privileges in the Jauhari Xelion Xelion Webchat system due to an incorrect assignment of privileges.
This vulnerability is a problem because it enables unauthorized users to gain higher levels of access and control, potentially leading to sensitive data breaches, system compromise, and other malicious activities.
The CVE-2025-39535 vulnerability allows an attacker to bypass authentication in Vitepos applications, potentially giving them unauthorized access to the system by using an alternate path or channel.
This vulnerability is a problem because it enables attackers to circumvent normal security measures, gaining access to sensitive data and potentially causing harm without being detected or requiring legitimate credentials.
The CVE-2025-39533 vulnerability allows unauthorized access to escalate privileges in the Starfish Review Generation & Marketing system, due to a missing authorization mechanism.
This vulnerability is a problem because it enables attackers to gain higher-level access and potentially manipulate or exploit sensitive data, disrupting the system's integrity and confidentiality.
The CVE-2025-39532 vulnerability allows unauthorized access to Spice Blocks due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions up to 2.0.7.1.
This vulnerability is a problem because it enables unauthorized users to access sensitive information or perform actions they shouldn't be able to, potentially leading to data breaches, system compromises, or other malicious activities, especially given its severity score of 7.5.
The CVE-2025-39527 vulnerability allows an attacker to inject malicious objects into the Rating by BestWebSoft plugin due to the deserialization of untrusted data, potentially leading to unauthorized access and control.
This vulnerability is a problem because it enables object injection attacks, which can result in severe consequences, including data tampering, unauthorized access, and potential takeover of the affected system, posing a significant threat to the security and integrity of the plugin and its users.
The CVE-2025-39526 vulnerability allows an attacker to manipulate the filename used in include/require statements in a PHP program, enabling them to include and execute local files on the server, potentially leading to unauthorized access and code execution.
This vulnerability is a problem because it can be exploited by attackers to gain access to sensitive information, execute malicious code, and take control of the affected system, compromising the security and integrity of the Hotel Booking application and its data.
The CVE-2025-39521 vulnerability allows an attacker to inject malicious code into a web page through the Ashish Ajani Contact Form vCard Generator, enabling Reflected Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it can be used by attackers to steal user data, hijack user sessions, or perform other malicious actions on behalf of the user, potentially leading to security breaches and data theft.
The CVE-2025-39519 vulnerability allows an attacker to inject malicious code into a website through the rtpHarry Bulk Page Stub Creator, enabling Reflected Cross-Site Scripting (XSS) attacks. This means an attacker can trick users into clicking a link or submitting a form that executes the malicious code on the website.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform other malicious actions on the affected website. The severity level of 7.1 indicates a significant risk, making it essential to address this issue promptly.
The CVE-2025-39464 vulnerability allows an attacker to inject malicious code into a website using the AdminQuickbar plugin, which can lead to Reflected Cross-site Scripting (XSS) attacks. This means an attacker can trick a user into clicking a link or submitting a form that executes the malicious code, potentially stealing sensitive information or taking control of the user's session.
This vulnerability is a problem because it enables attackers to launch targeted attacks on users of the affected website, potentially leading to unauthorized access, data theft, or other malicious activities. The severity score of 7.1 indicates that this is a significant vulnerability that should be addressed promptly.
The CVE-2025-39462 vulnerability allows an attacker to manipulate the filename used in PHP include/require statements, potentially leading to the execution of malicious code or the exposure of sensitive information through Local File Inclusion.
This vulnerability is a problem because it enables attackers to access and execute arbitrary files on the server, potentially allowing them to gain unauthorized access, steal sensitive data, or disrupt the system's operation.
The CVE-2025-39461 vulnerability allows an attacker to manipulate the filename used in include/require statements in a PHP program, potentially leading to the inclusion of malicious local files, due to a flaw in the Docket Cache system.
This vulnerability is a problem because it enables attackers to execute arbitrary code on the server, potentially leading to unauthorized access, data breaches, or other malicious activities, by exploiting the improper control of filename inclusion in the PHP program.
The CVE-2025-39457 vulnerability allows unauthorized access to the Booking and Rental Manager due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions up to 2.2.8.
This vulnerability is a problem because it can allow unauthorized users to access sensitive information or perform actions they should not be able to, potentially leading to data breaches, modifications, or other malicious activities.
The CVE-2025-39456 vulnerability allows unauthorized access to the iTRON WP Logger due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions 2.2 and earlier.
This vulnerability is a problem because it can be used by attackers to gain unauthorized access to sensitive information or systems, potentially leading to data breaches, tampering, or other malicious activities, especially in environments where access control is not properly configured.
The CVE-2025-39455 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the ip2location IP2Location Variables, which can also lead to Reflected Cross-Site Scripting (XSS) attacks, potentially giving the attacker access to sensitive information.
This vulnerability is a problem because it enables an attacker to trick users into performing unintended actions on the affected system, potentially leading to data theft, unauthorized access, or other malicious activities, which can compromise the security and integrity of the system and its users.
The CVE-2025-39453 vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) on websites using the Advanced Dynamic Pricing for WooCommerce plugin, versions 4.9.3 and below, enabling them to make unauthorized requests on behalf of the user.
This vulnerability is a problem because it can be used by attackers to manipulate user accounts, steal sensitive information, or perform malicious actions without the user's knowledge or consent, potentially leading to financial loss, data breaches, or other security incidents.
The CVE-2025-39452 vulnerability allows an attacker to include and execute local files on a server running the WPCafe theme, due to improper control of filenames in PHP include/require statements.
This vulnerability is a problem because it enables attackers to access and execute sensitive files on the server, potentially leading to unauthorized data access, code execution, and system compromise, which can result in significant security breaches and data losses.
The CVE-2025-39444 vulnerability allows an attacker to inject malicious code into web pages generated by MaxButtons, a plugin by maxfoundry, through a type of attack known as Stored Cross-site Scripting (XSS). This happens because the plugin fails to properly neutralize user input.
This vulnerability is a problem because it enables attackers to execute scripts on the victim's browser, potentially leading to unauthorized actions, data theft, or taking control of the user's session. This can compromise the security and privacy of users interacting with the affected web pages.
The CVE-2025-39443 vulnerability allows an attacker to perform unauthorized actions on a user's behalf by exploiting a Cross-Site Request Forgery (CSRF) weakness in Verge3D, affecting versions up to and including 4.9.0 (no lower bound is given).
This vulnerability is a problem because it enables an attacker to manipulate user interactions, potentially leading to unauthorized data modifications, sensitive information disclosure, or other malicious activities, which can compromise the security and integrity of the affected system.
The CVE-2025-39442 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the MessageMetric Review Wave – Google Places Reviews system, which can also lead to Stored Cross-Site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the Review Wave system, potentially leading to unauthorized access, data theft, or other malicious activities, which can compromise the security and integrity of the system and its users.
The CVE-2025-39441 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Dashboard Notepads application, which can lead to Stored Cross-Site Scripting (XSS) attacks. This means an attacker can trick a user into performing unintended actions on the application, and also store malicious scripts that can be executed by other users.
This vulnerability is a problem because it can be used by attackers to gain unauthorized access to user accounts, steal sensitive information, and perform malicious actions on behalf of the user. The Stored XSS aspect of the vulnerability makes it particularly dangerous, as it can affect multiple users and remain active even after the initial attack.
The CVE-2025-39440 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Rajesh Broken Links Remover, which can also lead to Stored Cross-Site Scripting (XSS) attacks, enabling the execution of malicious code on the affected system.
This vulnerability is a problem because it can be exploited by attackers to trick users into performing unintended actions, potentially leading to unauthorized access, data theft, or malware distribution, which can compromise the security and integrity of the system and its data.
The CVE-2025-39439 vulnerability in the wpLike2Get plugin allows unauthorized access to sensitive system information, potentially exposing embedded sensitive data.
This vulnerability is a problem because it could allow attackers to gain access to confidential information, compromising the security and integrity of the system.
The CVE-2025-39438 vulnerability allows an attacker to perform unauthorized actions on a user's account by exploiting a Cross-Site Request Forgery (CSRF) weakness in the Theme Changer plugin, affecting versions up to 1.3.
This vulnerability is a problem because it enables attackers to manipulate user interactions, potentially leading to unauthorized changes, data breaches, or other malicious activities, all without the user's knowledge or consent.
The CVE-2025-39437 vulnerability allows an attacker to trick a user into performing unintended actions on the Anthologize platform, by exploiting a Cross-Site Request Forgery (CSRF) weakness.
This vulnerability is a problem because it enables attackers to manipulate users into taking actions they didn't intend to, potentially leading to unauthorized changes, data breaches, or other malicious activities, which can compromise the security and integrity of the platform.
The CVE-2025-39436 vulnerability allows attackers to upload malicious files to the "I Draw" application without any restrictions, potentially leading to the execution of harmful code.
This vulnerability is a problem because it enables attackers to compromise the security of the system by uploading files that can cause damage, steal sensitive information, or take control of the application, posing a significant risk to users' data and system integrity.
The CVE-2025-39435 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the My Marginalia application, which can also lead to Stored Cross-Site Scripting (XSS) attacks, enabling the execution of malicious code on the application.
This vulnerability is a problem because it can be exploited by attackers to trick users into performing unintended actions on the My Marginalia application, potentially leading to unauthorized data access, modification, or theft, and can also be used to inject malicious code that can be executed by other users, further compromising the security of the application.
The CVE-2025-39434 vulnerability allows unauthorized access to certain features or data in the Scott Taylor Avatar system by exploiting a flaw in the access control security levels, which can be bypassed using a user-controlled key.
This vulnerability is a problem because it enables attackers to gain access to sensitive information or perform actions that they should not be allowed to, potentially leading to data breaches, tampering, or other malicious activities, especially in systems where access control is crucial for security.
The CVE-2025-39433 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the beke_ro Bknewsticker, which can also lead to Stored Cross-Site Scripting (XSS) attacks, potentially allowing malicious code to be executed on the website.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the website, and also allows for the injection of malicious code, which can lead to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the website and its users.
The CVE-2025-39432 vulnerability allows an attacker to inject malicious code into a website through a feature called bbPress2 shortcode whitelist, which is supposed to filter out harmful input. This can lead to Stored Cross-site Scripting (XSS), where the malicious code is stored on the website and executed when other users visit the site.
This vulnerability is a problem because it enables attackers to steal user data, take control of user sessions, or perform other malicious actions on the affected website. The severity of 7.1 indicates that this is a significant threat that can have substantial impacts on the security and integrity of the website and its users.
The CVE-2025-39431 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Aaron Forgue Amazon Showcase WordPress Plugin, which can also lead to Stored Cross-Site Scripting (XSS) attacks. This means an attacker can trick users into performing unintended actions on the website and inject malicious code that can be executed by other users.
This vulnerability is a problem because it enables attackers to manipulate user interactions with the website, potentially leading to unauthorized actions, data theft, or malware distribution. The Stored XSS aspect of the vulnerability makes it particularly concerning, as it can affect multiple users and remain active even after the initial attack.
The CVE-2025-39430 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the mLanguage application, which can also lead to Stored Cross-Site Scripting (XSS) attacks, enabling the execution of malicious code on the application.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the mLanguage application, potentially leading to unauthorized data access, modification, or theft, and can also allow malicious code to be stored and executed on the application, compromising its security and integrity.
The CVE-2025-39429 vulnerability allows an attacker to include and execute local files on a server running the Széchenyi 2020 Logo application, due to improper control of filename for include/require statements in PHP programs.
This vulnerability is a problem because it can enable an attacker to access and execute sensitive files on the server, potentially leading to unauthorized data access, modification, or deletion, and even allowing the attacker to take control of the server.
This vulnerability allows an attacker to inject malicious code into web pages generated by Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders, enabling Stored Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious scripts on users' browsers, potentially leading to unauthorized access, data theft, or other malicious activities, affecting all users who interact with the vulnerable web pages.
The CVE-2025-39427 vulnerability allows an attacker to inject malicious code into web pages generated by the Beth Tucker Long WP Post to PDF Enhanced plugin, enabling Stored Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to store and execute malicious scripts on a website, potentially leading to unauthorized access, data theft, or other malicious activities, affecting users who interact with the compromised web pages.
The CVE-2025-39426 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the illow – Cookies Consent plugin, versions 0.2.0 and earlier, which can trick a user into performing unintended actions on a website.
This vulnerability is a problem because it can be used by attackers to manipulate users into performing actions they did not intend to, such as changing settings or making unauthorized changes, which can compromise the security and integrity of the website and its users.
The CVE-2025-39425 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the pixelgrade Style Manager, which can trick users into performing unintended actions on the application.
This vulnerability is a problem because it enables attackers to manipulate user requests, potentially leading to unauthorized changes, data breaches, or other malicious activities, compromising the security and integrity of the application.
The CVE-2025-39424 vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) attacks on Simple Maps versions 0.98 and below, enabling them to execute malicious actions on behalf of users.
This vulnerability is a problem because it can lead to unauthorized access, data theft, and malicious activities on user accounts, compromising the security and integrity of the Simple Maps application and its users' data.
The CVE-2025-39423 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Jenst Add to Header, which can lead to Stored Cross-Site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the website, potentially leading to unauthorized access, data theft, or malware distribution.
This vulnerability allows an attacker to trick a user into performing unintended actions on a website using Cross-Site Request Forgery (CSRF), and also enables Stored Cross-Site Scripting (XSS) attacks through the PResponsive WP Social Bookmarking plugin.
This vulnerability is a problem because it can be used by attackers to steal user data, take control of user accounts, or perform malicious actions on the affected website, potentially leading to security breaches and data compromises.
The CVE-2025-39421 vulnerability allows an attacker to trick a user into performing unintended actions on a website using Cross-Site Request Forgery (CSRF), and also enables Stored Cross-Site Scripting (XSS) attacks, which can inject malicious code into the website.
This vulnerability is a problem because it can be used by attackers to steal user data, take control of user accounts, or perform other malicious actions on the website, potentially leading to security breaches and data theft.
The CVE-2025-39420 vulnerability allows an attacker to inject malicious code into web pages generated by the WP Twitter Button plugin, enabling Stored Cross-site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to execute malicious scripts on users' browsers, potentially leading to unauthorized access, data theft, or other malicious activities, affecting users who interact with the compromised web page.
The CVE-2025-39419 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the David Miller Revision Diet application, which can also lead to Stored Cross-Site Scripting (XSS) attacks, enabling the execution of malicious code on the application.
This vulnerability is a problem because it can be exploited by attackers to trick users into performing unintended actions on the application, potentially leading to unauthorized data access, modification, or theft, and can also be used to inject malicious code, further compromising the security of the application and its users.
The CVE-2025-39418 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the ajayver RSS Manager, which can also lead to Stored Cross-Site Scripting (XSS) attacks. This means an attacker can trick a user into performing unintended actions on the RSS Manager, and also inject malicious code that can be stored and executed by the application.
This vulnerability is a problem because it enables attackers to manipulate user interactions and inject malicious code, potentially leading to unauthorized access, data theft, or other malicious activities. The Stored XSS aspect of the vulnerability makes it particularly concerning, as it can affect multiple users and remain active even after the initial attack.
The CVE-2025-39417 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the "Redirect wordpress to welcome or landing page" plugin, which can also lead to Stored Cross-Site Scripting (XSS) attacks, potentially giving the attacker control over the website.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the website, and also allows for the injection of malicious code, which can lead to unauthorized access, data theft, and other malicious activities.