Skip to main content
CVE-2024-13259 HIGH PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.0.0 before 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Image Sizes Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13258 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.0.0 before 2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rest Json Api Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-13257 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.0.0 before 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Commerce View Receipt Drupal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13256 HIGH PATCH This Month

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.0.0 before 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Contact Drupal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13255 HIGH This Month

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.X-2.0 before 7.X-2.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Restful Web Services Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13254 HIGH PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.0.0 before 3.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rest Views Drupal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13253 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.0.0 before 1.5.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Pwa Inc Push Notifications Drupal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-13252 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).0.0 before 6.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tacjs Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13251 HIGH PATCH This Month

Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.0.0 before 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Registration Role Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13250 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.0.0 before 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Drupal Symfony Mailer Lite Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13249 MEDIUM This Month

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.X-1.0 before 7.X-1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Node Access Rebuild Progressive Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13248 MEDIUM PATCH This Month

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.0.0 before 2.1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Private Content Drupal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13247 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).0.0 before 1.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Coffee Drupal
NVD HeroDevs
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-13246 MEDIUM PATCH This Month

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.0.0 before 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node Access Rebuild Progressive Drupal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13245 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).0.0 before 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ckeditor 4 Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13244 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.0.0 before 6.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Migrate Tools Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13243 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.0.0 before 1.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Entity Delete Log Drupal
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13242 CRITICAL This Week

Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.*. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Swift Mailer Drupal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-13241 CRITICAL This Week

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.0.0 before 12.0.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-13240 HIGH This Month

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.0.0 before 12.05. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13239 CRITICAL PATCH This Week

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.0.0 before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Two Factor Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-13238 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).0.0 before 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typogrify Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13237 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).X-* before 7.X-2.38. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Entity Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-22149 LOW PATCH Monitor

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-21628 CRITICAL PATCH This Week

Chatwoot is a customer engagement suite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Chatwoot
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-21602 HIGH This Month

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21600 HIGH This Month

An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Juniper Junos +1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21599 HIGH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-21596 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-21593 HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-21592 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-43176 MEDIUM This Month

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages With Watson
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0349 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac6 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-6155 MEDIUM This Month

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress SSRF XSS Greenshift Animation And Page Builder Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5769 MEDIUM Monitor

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12848 HIGH This Month

The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass WordPress
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-12819 MEDIUM This Month

The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12618 MEDIUM Monitor

The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12542 HIGH This Week

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.4% and no vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.6
EPSS
30.4%
CVE-2024-12493 MEDIUM This Month

The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12330 HIGH This Month

The WP Database Backup - Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-12249 MEDIUM Monitor

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12218 MEDIUM This Month

The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12206 MEDIUM Monitor

The WordPress Header Builder Plugin - Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12122 MEDIUM This Month

The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-11929 MEDIUM This Month

The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11686 MEDIUM This Month

The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2025-0348 MEDIUM POC This Month

A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Deped Equipment Inventory System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0347 MEDIUM POC This Week

A vulnerability was found in code-projects Admission Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Admission Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0346 MEDIUM POC This Month

A vulnerability was found in code-projects Content Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Content Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy