Total
8961 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-21308 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-21 | 6.5 Medium |
Windows Themes Spoofing Vulnerability | ||||
CVE-2025-21242 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 5.9 Medium |
Windows Kerberos Information Disclosure Vulnerability | ||||
CVE-2025-21214 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 4.2 Medium |
Windows BitLocker Information Disclosure Vulnerability | ||||
CVE-2025-26310 | | | 2025-02-21 | 6.5 Medium |
Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file. | ||||
CVE-2025-26309 | | | 2025-02-21 | 6.5 Medium |
A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. | ||||
CVE-2025-22973 | | | 2025-02-21 | 7.5 High |
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common.php' file that directly retrieves the URL request response content. | ||||
CVE-2025-22866 | | | 2025-02-21 | 4 Medium |
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. | ||||
CVE-2024-45336 | | | 2025-02-21 | 6.1 Medium |
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | ||||
CVE-2024-54961 | | | 2025-02-21 | 6.5 Medium |
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. | ||||
CVE-2024-57716 | | | 2025-02-21 | 7.5 High |
An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. | ||||
CVE-2024-13609 | 1 1clickmigration | 1 1 Click Migration | 2025-02-21 | 5.9 Medium |
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process. | ||||
CVE-2024-13622 | 1 Imaginate-solutions | 1 File Uploads Addon For Woocommerce | 2025-02-21 | 7.5 High |
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments uploaded by customers. | ||||
CVE-2021-31567 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 6.8 Medium |
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. | ||||
CVE-2022-23982 | 1 Quadlayers | 1 Perfect Brands For Woocommerce | 2025-02-20 | 4.3 Medium |
The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | ||||
CVE-2022-23984 | 1 Gvectors | 1 Wpdiscuz | 2025-02-20 | 3.7 Low |
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | ||||
CVE-2022-25602 | 1 Expresstech | 1 Responsive Menu | 2025-02-20 | 8.3 High |
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | ||||
CVE-2022-27844 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-20 | 2.7 Low |
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | ||||
CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 5.3 Medium |
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | ||||
CVE-2022-27863 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Property Management System Plugin | 2025-02-20 | 5.3 Medium |
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | ||||
CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2025-02-20 | 7.3 High |
Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. |