Skip to main content
CVE-2025-0243 MEDIUM PATCH This Month

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Mozilla
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-11437 MEDIUM This Month

The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-56276 MEDIUM This Month

Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.9.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-12538 MEDIUM This Month

The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-56273 MEDIUM This Month

Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.9.106. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-22512 MEDIUM This Month

Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22563 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22562 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22591 MEDIUM This Month

Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.87. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-10536 MEDIUM This Month

The FancyPost - Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56271 MEDIUM This Month

Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.5.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56272 MEDIUM This Month

Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49294 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22319 MEDIUM This Month

Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.0.47. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22503 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress - enable debug allows Cross Site Request Forgery.0.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22297 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery.8.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22304 MEDIUM This Month

Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22299 MEDIUM This Month

Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.2.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22298 MEDIUM This Month

Missing Authorization vulnerability in Hive Support Hive Support - WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-22363 MEDIUM This Month

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller Controller
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-56275 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.0.14. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-0240 MEDIUM PATCH This Month

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Use After Free Mozilla
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-0239 MEDIUM PATCH This Month

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2021-20455 LOW Monitor

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cognos Controller Controller
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-0245 LOW Monitor

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22133 CRITICAL POC PATCH Act Now

WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Wegia
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-22132 HIGH POC PATCH This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-0218 MEDIUM PATCH This Month

When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Pgagent Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-54819 CRITICAL This Week

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
42.5%
CVE-2024-35532 CRITICAL This Week

An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Buffer Overflow Denial Of Service Information Disclosure SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-40427 HIGH POC PATCH This Month

Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
7.9
EPSS
0.2%
CVE-2025-0301 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Book Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-55414 CRITICAL This Week

A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Information Disclosure RCE Microsoft
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55413 HIGH This Month

A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Information Disclosure RCE Microsoft +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-55412 HIGH This Month

A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Information Disclosure RCE Microsoft +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-55411 HIGH This Month

An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-54007 HIGH This Month

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54006 HIGH This Month

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-44450 MEDIUM This Month

Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2025-22621 MEDIUM This Month

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Splunk
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0300 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0299 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-8361 HIGH This Month

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-40749 HIGH This Month

Improper Access Controls allows access to protected views. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-40748 HIGH This Month

Lack of output escaping in the id attribute of menu lists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-40747 MEDIUM This Month

Various module chromes didn't properly process inputs, leading to XSS vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-12430 HIGH This Month

An attacker who successfully exploited these vulnerabilities could cause enable command execution. Rated high severity (CVSS 7.3). No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-12429 MEDIUM This Month

An attacker who successfully exploited these vulnerabilities could grant read access to files. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy