Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
No results found.
Remaining NVD entries (unprocessed / no code available): ~290611 :
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-06-03 | CVE-2025-4047 | The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | N/A | 4.3 | |
| 2025-06-03 | CVE-2025-4224 | The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | N/A | 7.2 | |
| 2025-06-03 | CVE-2025-2939 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited. | N/A | 5.6 | |
| 2025-06-03 | CVE-2025-49162 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename. | N/A | N/A | |
| 2025-06-03 | CVE-2025-49163 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file. | N/A | N/A | |
| 2025-06-03 | CVE-2025-49164 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a. | N/A | N/A | |
| 2025-06-03 | CVE-2025-5068 | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | N/A | N/A |