Skip to main content
CVE-2025-23620 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie - Captcha by Selfie allows Reflected XSS.0.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23665 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23662 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23661 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23660 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23654 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vinícius Krolow Twitter Post allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23649 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23640 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23627 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23617 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS.4.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23572 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23569 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23566 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Syed Amir Hussain Custom Post allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23560 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Elke Hinze, Plumeria Web Design Web Testimonials allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23558 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23533 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23508 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options - Favicons allows Stored XSS.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23497 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Albdesign Simple Project Manager allows Stored XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23471 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23436 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.8.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23639 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23618 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-57704 HIGH POC This Week

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-55511 HIGH This Month

A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-54660 HIGH This Month

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Java
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2024-46450 HIGH This Month

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-57578 HIGH POC This Week

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-55954 HIGH This Month

OpenObserve is a cloud-native observability platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2024-57775 HIGH POC This Week

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinaloa
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-57770 HIGH POC This Week

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinaloa
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-57769 HIGH POC This Week

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinaloa
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41746 HIGH This Month

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cics Tx
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-57162 HIGH POC This Month

Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cybercafe Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-0472 HIGH This Month

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pmb
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-50563 HIGH This Month

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-12614 HIGH PATCH This Month

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

WordPress SQLi Passwords Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-12613 HIGH PATCH This Month

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Passwords Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-0457 HIGH This Month

The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy