Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-43079 | 6.3 (v3.1) | Local Privilege Escalation via qagent_uninstall.sh Qua… |
Qualys Inc |
Qualys Agent |
2025-11-10T17:10:31.066Z | 2025-11-18T11:41:11.636Z |
| cve-2025-13343 | SourceCodester Interview Management System editQuestio… |
SourceCodester |
Interview Management System |
2025-11-18T11:32:06.222Z | 2025-11-18T11:32:06.222Z | |
| cve-2025-41349 | 5.1 (v4.0) | Stored Cross-Site Scripting (XSS) in WinPlus by Inform… |
Informática del Este |
WinPlus |
2025-11-18T11:26:23.985Z | 2025-11-18T11:29:53.609Z |
| cve-2025-41348 | 8.7 (v4.0) | Stored Cross-Site Scripting (XSS) in WinPlus by Inform… |
Informática del Este |
WinPlus |
2025-11-18T11:24:06.672Z | 2025-11-18T11:24:06.672Z |
| cve-2025-41347 | 8.7 (v4.0) | Stored Cross-Site Scripting (XSS) in WinPlus by Inform… |
Informática del Este |
WinPlus |
2025-11-18T11:06:39.222Z | 2025-11-18T11:06:39.222Z |
| cve-2025-11427 | WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Serve… |
wpengine |
WP Migrate Lite – WordPress Migration Made Easy |
2025-11-18T11:00:48.436Z | 2025-11-18T11:00:48.436Z | |
| cve-2025-48593 | N/A | In bta_hf_client_cb_init of bta_hf_client_main.cc… |
Google |
Android |
2025-11-18T04:51:57.663Z | 2025-11-18T10:57:54.587Z |
| cve-2025-41737 | 7.5 (v3.1) | Improper access control via php endpoint |
METZ CONNECT |
Energy-Controlling EWIO2-M |
2025-11-18T10:18:44.739Z | 2025-11-18T10:18:44.739Z |
| cve-2025-41736 | 8.8 (v3.1) | Possible arbitrary code execution |
METZ CONNECT |
Energy-Controlling EWIO2-M |
2025-11-18T10:18:30.034Z | 2025-11-18T10:18:30.034Z |
| cve-2025-41735 | 8.8 (v3.1) | Possible arbitrary file upload |
METZ CONNECT |
Energy-Controlling EWIO2-M |
2025-11-18T10:18:15.146Z | 2025-11-18T10:18:15.146Z |
| cve-2025-41734 | 9.8 (v3.1) | Unauthenticated Local File Inclusion in php module |
METZ CONNECT |
Energy-Controlling EWIO2-M |
2025-11-18T10:18:00.774Z | 2025-11-18T10:18:00.774Z |
| cve-2025-41733 | 9.8 (v3.1) | Possible malfunction credential injection |
METZ CONNECT |
Energy-Controlling EWIO2-M |
2025-11-18T10:17:46.326Z | 2025-11-18T10:17:46.326Z |
| cve-2025-41346 | 9.3 (v4.0) | Stored Cross-Site Scripting (XSS) in WinPlus by Inform… |
Informática del Este |
WinPlus |
2025-11-18T10:04:11.741Z | 2025-11-18T10:04:11.741Z |
| cve-2025-12391 | Restrictions for BuddyPress <= 1.5.2 - Missing Authori… |
seventhqueen |
Restrictions for BuddyPress |
2025-11-18T09:27:40.754Z | 2025-11-18T09:27:40.754Z | |
| cve-2025-12457 | Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authentica… |
ideastocode |
Enable SVG, WebP, and ICO Upload |
2025-11-18T09:27:40.395Z | 2025-11-18T09:27:40.395Z | |
| cve-2025-12691 | Photonic Gallery & Lightbox for Flickr, SmugMug & Othe… |
sayontan |
Photonic Gallery & Lightbox for Flickr, SmugMug & Others |
2025-11-18T09:27:39.902Z | 2025-11-18T09:27:39.902Z | |
| cve-2025-12639 | wModes – Catalog Mode, Product Pricing, Enquiry Forms … |
sundayfanz |
wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce |
2025-11-18T09:27:39.489Z | 2025-11-18T09:27:39.489Z | |
| cve-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce <= 2.0.… |
tripleatechnology |
Cryptocurrency Payment Gateway for WooCommerce |
2025-11-18T09:27:39.093Z | 2025-11-18T09:27:39.093Z | |
| cve-2025-12088 | Meta Display Block <= 1.0.0 - Authenticated (Contribut… |
bhargavbhandari90 |
Meta Display Block |
2025-11-18T09:27:38.684Z | 2025-11-18T09:27:38.684Z | |
| cve-2025-12481 | WP Duplicate Page <= 1.7 - Missing Authorization to Au… |
ninjateam |
WP Duplicate Page |
2025-11-18T09:27:38.298Z | 2025-11-18T09:27:38.298Z | |
| cve-2025-13069 | Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authentica… |
ideastocode |
Enable SVG, WebP, and ICO Upload |
2025-11-18T09:27:37.930Z | 2025-11-18T09:27:37.930Z | |
| cve-2025-12079 | WP Twitter Auto Publish <= 1.7.3 - Reflected Cross-Sit… |
f1logic |
WP Twitter Auto Publish |
2025-11-18T09:27:37.488Z | 2025-11-18T09:27:37.488Z | |
| cve-2025-13133 | Simple User Import Export <= 1.1.7 - Authenticated (Ad… |
vaniivan |
Simple User Import Export |
2025-11-18T09:27:37.077Z | 2025-11-18T09:27:37.077Z | |
| cve-2025-12955 | Live sales notification for WooCommerce <= 2.3.39 - Mi… |
rajeshsingh520 |
Live sales notification for WooCommerce |
2025-11-18T09:27:36.608Z | 2025-11-18T09:27:36.608Z | |
| cve-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authentic… |
bdthemes |
Element Pack Addons for Elementor |
2025-11-18T09:27:36.191Z | 2025-11-18T09:27:36.191Z | |
| cve-2025-4212 | Checkout Files Upload for WooCommerce <= 2.2.1 - Unaut… |
wpwham |
Checkout Files Upload for WooCommerce |
2025-11-18T09:27:35.729Z | 2025-11-18T09:27:35.729Z | |
| cve-2025-11734 | Broken Link Checker by AIOSEO – Easily Fix/Monitor Int… |
aioseo |
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links |
2025-11-18T09:27:35.134Z | 2025-11-18T09:27:35.134Z | |
| cve-2025-46420 | 6.5 (v3.1) | Libsoup: memory leak on soup_header_parse_quality_list… |
|
|
2025-04-24T12:58:01.121Z | 2025-11-18T09:06:51.708Z |
| cve-2025-32908 | 7.5 (v3.1) | Libsoup: denial of service on libsoup through http/2 server |
|
|
2025-04-14T14:00:30.423Z | 2025-11-18T09:06:43.354Z |
| cve-2025-40545 | 4.8 (v3.1) | SolarWinds Observability Self-Hosted Open Redirection … |
SolarWinds |
SolarWinds Observability Self-Hosted |
2025-11-18T08:55:52.919Z | 2025-11-18T08:55:52.919Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-000103 | The installer of e-Tax software(common program) vulnerable to privilege escalation | 2024-09-24T16:12+09:00 | 2024-09-24T16:12+09:00 |
| jvndb-2024-000101 | Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices | 2024-09-24T15:26+09:00 | 2024-09-24T15:26+09:00 |
| jvndb-2024-003068 | Multiple vulnerabilities in Cente middleware | 2024-04-05T15:36+09:00 | 2024-09-24T15:00+09:00 |
| jvndb-2024-008391 | Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders | 2024-09-19T14:07+09:00 | 2024-09-19T14:07+09:00 |
| jvndb-2024-000100 | Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce" | 2024-09-18T14:34+09:00 | 2024-09-18T14:34+09:00 |
| jvndb-2024-000099 | Assimp vulnerable to heap-based buffer overflow | 2024-09-18T14:20+09:00 | 2024-09-18T14:20+09:00 |
| jvndb-2020-018328 | Falsification and eavesdropping of contents across multiple websites via Web Rehosting services | 2024-09-12T12:23+09:00 | 2024-09-12T12:23+09:00 |
| jvndb-2023-027250 | Security Problem in Web Browser Permission Mechanism | 2024-09-11T18:19+09:00 | 2024-09-11T18:19+09:00 |
| jvndb-2020-018327 | Malleability attack against executables encrypted by CBC mode with no integrity check | 2024-09-11T18:19+09:00 | 2024-09-11T18:19+09:00 |
| jvndb-2024-000095 | Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery | 2024-09-09T16:40+09:00 | 2024-09-09T16:40+09:00 |
| jvndb-2024-000096 | Pgpool-II vulnerable to information disclosure | 2024-09-09T14:58+09:00 | 2024-09-09T14:58+09:00 |
| jvndb-2024-000094 | "@cosme" App fails to restrict custom URL schemes properly | 2024-09-09T14:20+09:00 | 2024-09-09T14:20+09:00 |
| jvndb-2024-000097 | WordPress Plugin "Forminator" vulnerable to cross-site scripting | 2024-09-09T13:51+09:00 | 2024-09-09T13:51+09:00 |
| jvndb-2024-000098 | Multiple products from KINGSOFT JAPAN vulnerable to path traversal | 2024-09-06T15:07+09:00 | 2024-09-06T15:07+09:00 |
| jvndb-2024-000090 | Secure Boot bypass Vulnerability in PRIMERGY | 2024-09-06T14:39+09:00 | 2024-09-06T14:39+09:00 |
| jvndb-2024-000093 | WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting | 2024-09-04T13:01+09:00 | 2024-09-04T13:01+09:00 |
| jvndb-2024-007002 | Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow | 2024-09-02T14:57+09:00 | 2024-09-02T14:57+09:00 |
| jvndb-2024-000091 | IPCOM vulnerable to information disclosure | 2024-08-30T14:56+09:00 | 2024-08-30T14:56+09:00 |
| jvndb-2024-000092 | Multiple vulnerabilities in WordPress plugin "Carousel Slider" | 2024-08-30T13:58+09:00 | 2024-08-30T13:58+09:00 |
| jvndb-2024-006787 | xfpt vulnerable to stack-based buffer overflow | 2024-08-29T14:07+09:00 | 2024-08-29T14:07+09:00 |
| jvndb-2024-000086 | Multiple Safie products vulnerable to improper server certificate verification | 2024-08-22T13:51+09:00 | 2024-08-29T12:23+09:00 |
| jvndb-2024-006646 | Authentication Bypass Vulnerability in Hitachi Ops Center Common Services | 2024-08-27T12:01+09:00 | 2024-08-27T12:01+09:00 |
| jvndb-2024-006367 | Unquoted Service Path in Hitachi Device Manager | 2024-08-26T16:27+09:00 | 2024-08-26T16:27+09:00 |
| jvndb-2024-000087 | BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection | 2024-08-23T14:17+09:00 | 2024-08-23T14:17+09:00 |
| jvndb-2020-007305 | Installer of Trend Micro Security 2020 (Consumer) may insecurely load Dynamic Link Libraries | 2024-08-22T11:33+09:00 | 2024-08-22T11:33+09:00 |
| jvndb-2017-009536 | Packetbeat vulnerable to denial-of-service (DoS) | 2024-08-21T17:54+09:00 | 2024-08-21T17:54+09:00 |
| jvndb-2018-009127 | Multiple vulnerabilities in LogonTracer | 2024-08-21T17:37+09:00 | 2024-08-21T17:37+09:00 |
| jvndb-2020-002957 | A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit) | 2024-08-20T18:12+09:00 | 2024-08-20T18:12+09:00 |
| jvndb-2020-007306 | Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read | 2024-08-20T17:52+09:00 | 2024-08-20T17:52+09:00 |
| jvndb-2024-000085 | "Rakuten Ichiba App" fails to restrict custom URL schemes properly | 2024-08-20T16:56+09:00 | 2024-08-20T16:56+09:00 |