Total
333234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67916 | 2026-01-20 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS.This issue affects Jobify: from n/a through <= 4.3.0. | |||||
| CVE-2025-67915 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46. | |||||
| CVE-2025-67914 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8. | |||||
| CVE-2025-67913 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3. | |||||
| CVE-2025-67912 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gal Dubinski Stars Testimonials allows Stored XSS.This issue affects Stars Testimonials: from n/a through 3.3.4. | |||||
| CVE-2025-67911 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11. | |||||
| CVE-2025-67910 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through <= 1.3.7. | |||||
| CVE-2025-67909 | 2026-01-20 | N/A | 8.1 HIGH | ||
| Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3. | |||||
| CVE-2025-67633 | 2026-01-20 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3. | |||||
| CVE-2025-67632 | 2026-01-20 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design – GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design – GARD: from n/a through <= 2.23. | |||||
| CVE-2025-67631 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through <= 2.0.2. | |||||
| CVE-2025-67630 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2. | |||||
| CVE-2025-67629 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through <= 1.5.2. | |||||
| CVE-2025-67628 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AMP-MODE Review Disclaimer review-disclaimer allows Stored XSS.This issue affects Review Disclaimer: from n/a through <= 2.0.3. | |||||
| CVE-2025-67627 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5. | |||||
| CVE-2025-67625 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14. | |||||
| CVE-2025-67623 | 2026-01-20 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9. | |||||
| CVE-2025-67622 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9. | |||||
| CVE-2025-67621 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5. | |||||
| CVE-2025-67599 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1. | |||||