Skip to main content
CVE-2025-24537 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.7.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46187 MEDIUM This Month

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Master Data Management
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-24662 MEDIUM This Month

Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels.20.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-24747 MEDIUM This Month

Missing Authorization vulnerability in Houzez.co Houzez.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-24600 MEDIUM This Month

Missing Authorization vulnerability in David F. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-24590 MEDIUM This Month

Missing Authorization vulnerability in Haptiq picu - Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-54488 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-24628 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing.78. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-54518 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24741 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support.6.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-24740 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress.2.7.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-24094 MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Race Condition Apple
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-24136 MEDIUM This Month

This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-24116 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-24742 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps.0.40. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24744 MEDIUM This Month

Missing Authorization vulnerability in NotFound Bridge Core.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24603 MEDIUM This Month

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders.4.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24754 MEDIUM This Month

Missing Authorization vulnerability in Houzez.co Houzez.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24584 MEDIUM This Month

Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24540 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery.18.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24160 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24743 MEDIUM This Month

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24653 MEDIUM This Month

Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels.6.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24113 MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24128 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47159 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54550 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-54475 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-24145 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-54516 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-44172 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24100 LOW Monitor

A logic issue was addressed with improved restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24121 LOW Monitor

A logic issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24369 LOW Monitor

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2024-57549 HIGH POC This Month

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cmsimple
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57548 CRITICAL POC Act Now

CMSimple 5.16 allows the user to edit log.php file via print page. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Cmsimple
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-57547 HIGH POC This Month

Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cmsimple
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57546 HIGH POC This Month

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cmsimple
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57373 HIGH This Month

Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-57052 CRITICAL This Week

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Session Fixation PHP Youdiancms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-56316 HIGH This Month

In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-56178 MEDIUM This Month

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54728 MEDIUM This Month

Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48662 MEDIUM This Month

Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-24153 MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-24152 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24141 LOW Monitor

An authentication issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24140 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24135 HIGH This Month

This issue was addressed with improved message validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy