CVE ID : CVE-2025-48115
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48117
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48131
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48127
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48120
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Control of Generation of Code (‘Code Injection’) vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48121
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48128
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48132
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48119
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Control of Generation of Code (‘Code Injection’) vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48134
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48135
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48136
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48137
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48138
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48144
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48146
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4786
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4787
Published : May 16, 2025, 4:15 p.m. | 47 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable…
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be…