Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2025-69151 Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2025-69104 Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-69129 Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
CVE-2025-69113 Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
CVE-2025-69112 Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.
Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.
CVE-2025-69105 Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
CVE-2025-69107 Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
CVE-2025-69109 Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
CVE-2025-69119 Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69125 Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69124 Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
Unauthenticated Local File Inclusion in Especio <= 1.0 versions.
CVE-2025-69146 Unauthenticated Local File Inclusion in Dom <= 1.24 versions.
Unauthenticated Local File Inclusion in Dom <= 1.24 versions.
CVE-2025-69116 Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
CVE-2025-69117 Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVE-2025-69114 Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
CVE-2025-69141 Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69118 Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
CVE-2025-69121 Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69110 Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
CVE-2025-69145 Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
CVE-2025-69131 Path Traversal in wordpress (CVE-2025-69131)
path traversal in wordpress (CVE-2025-69131). Confidential information can be exposed externally.
CVE-2025-60223 Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
CVE-2025-69137 Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2025-69103 Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
CVE-2025-69108 Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69122 Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2024-37210 Vulnerability in CVE-2024-37210 (CVE-2024-37210)
vulnerability in CVE-2024-37210 (CVE-2024-37210). Confidential information can be exposed externally.
CVE-2025-48617 Vulnerability in google (CVE-2025-48617)
vulnerability in google (CVE-2025-48617). Successful exploitation can lead to full system takeover.
CVE-2025-48640 Vulnerability in google (CVE-2025-48640)
vulnerability in google (CVE-2025-48640). Successful exploitation can lead to full system takeover.
CVE-2024-37496 Vulnerability in CVE-2024-37496 (CVE-2024-37496)
vulnerability in CVE-2024-37496 (CVE-2024-37496). Risk of unauthorized operations or information disclosure.
CVE-2025-48571 Vulnerability in google (CVE-2025-48571)
vulnerability in google (CVE-2025-48571). Risk of unauthorized operations or information disclosure.
CVE-2025-60205 Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
CVE-2025-15642 Vulnerability in CVE-2025-15642 (CVE-2025-15642)
vulnerability in CVE-2025-15642 (CVE-2025-15642). Risk of unauthorized operations or information disclosure.
CVE-2025-48643 Vulnerability in google (CVE-2025-48643)
vulnerability in google (CVE-2025-48643). Successful exploitation can lead to full system takeover.
CVE-2025-31013 Cross-Site Scripting (XSS) in CVE-2025-31013 (CVE-2025-31013)
cross-site scripting in CVE-2025-31013 (CVE-2025-31013). Risk of unauthorized operations or information disclosure.
CVE-2024-49269 Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
CVE-2025-59560 Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
CVE-2025-15641 Vulnerability in CVE-2025-15641 (CVE-2025-15641)
vulnerability in CVE-2025-15641 (CVE-2025-15641). Risk of unauthorized operations or information disclosure.
CVE-2025-59872 Vulnerability in hcltech (CVE-2025-59872)
vulnerability in hcltech (CVE-2025-59872). Risk of unauthorized operations or information disclosure.
CVE-2024-52488 Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
CVE-2025-60218 Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
CVE-2024-34810 Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-34810)
vulnerability in csrf (CVE-2024-34810). Risk of unauthorized operations or information disclosure.
CVE-2024-35648 Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-35648)
vulnerability in csrf (CVE-2024-35648). Risk of unauthorized operations or information disclosure.
CVE-2025-60085 Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions.
CVE-2025-58924 Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
Unauthenticated Local File Inclusion in Geya <= 1.15 versions.
CVE-2025-58953 Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
CVE-2025-49403 Vulnerability in wordpress (CVE-2025-49403)
vulnerability in wordpress (CVE-2025-49403). Confidential information can be exposed externally.
CVE-2025-58952 Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
CVE-2025-58954 Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
CVE-2026-46977 Information Disclosure in c (CVE-2026-46977)
vulnerability in c (CVE-2026-46977). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →