Skip to main content
CVE-2024-57055 MEDIUM This Month

Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-1269 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing.1.1 - 1010. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-45783 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-13783 MEDIUM This Month

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass Formcraft
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13740 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13687 MEDIUM This Month

The Team Builder - Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Team Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25471 MEDIUM PATCH This Month

FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13718 MEDIUM PATCH This Month

The Flexible Wishlist for WooCommerce - Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Flexible Wishlist For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13795 MEDIUM PATCH This Month

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13438 MEDIUM PATCH This Month

The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Speedsize Image Video Ai Optimizer
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0796 MEDIUM This Month

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26603 MEDIUM PATCH This Month

Vim is a greatly improved version of the good old UNIX editor Vi. Rated medium severity (CVSS 4.2). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Vim Hci Compute Node +2
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2024-57050 POC This Week

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-4028 LOW Monitor

A vulnerability was found in Keycloak. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-57257 LOW PATCH Monitor

A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. Rated low severity (CVSS 2.0), this vulnerability is no authentication required.

Information Disclosure U Boot
NVD
CVSS 3.1
2.0
EPSS
0.1%
CVE-2025-25300 LOW PATCH Monitor

smartbanner.js is a customizable smart app banner for iOS and Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google XSS
NVD GitHub
CVSS 4.0
1.3
EPSS
0.3%
CVE-2024-13636 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy