NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-40685	Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript...	2025-07-29	6.1	NETWORK	MEDIUM	NVD
CVE-2025-40684	Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript...	2025-07-29	6.1	NETWORK	MEDIUM	NVD
CVE-2025-40683	Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript...	2025-07-29	6.1	NETWORK	MEDIUM	NVD
CVE-2025-40682	SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases...	2025-07-29	9.8	NETWORK	CRITICAL	NVD
CVE-2025-5587	The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and includin...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-8216	The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and includi...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-8196	The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions ...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-7689	The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() f...	2025-07-29	8.8	NETWORK	HIGH	NVD
CVE-2025-6730	The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on...	2025-07-29	4.3	NETWORK	MEDIUM	NVD
CVE-2025-6692	The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including,...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-6681	The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 d...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-26400	SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure...	2025-07-29	5.3	NETWORK	MEDIUM	NVD
CVE-2025-53082	An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesy...	2025-07-29	6.1	PHYSICAL	MEDIUM	NVD
CVE-2025-53081	An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesyst...	2025-07-29	6.4	PHYSICAL	MEDIUM	NVD
CVE-2025-8264	Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker...	2025-07-29	9.0	NETWORK	CRITICAL	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.