Skip to main content
CVE-2024-53974 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24841 MEDIUM This Month

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2025-22888 MEDIUM This Month

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2023-51305 MEDIUM This Month

PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27089 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-28776 MEDIUM This Month

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cognos Controller Controller
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13231 MEDIUM This Month

The WordPress Portfolio Builder - Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Portfoliohub
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-13364 MEDIUM This Month

The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-0968 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Authentication Bypass Elementskit Elementor Addons PHP +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13719 MEDIUM This Month

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-1447 MEDIUM This Month

A vulnerability was found in kasuganosoras Pigeon 1.0.177. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0633 MEDIUM PATCH This Month

Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Red Hat Suse
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-13712 MEDIUM This Month

The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Pollin
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-37360 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-1118 MEDIUM PATCH This Month

GRUB2 bootloader fails to enforce lockdown mode restrictions on the dump command, allowing local privileged users to read arbitrary memory contents and extract sensitive cryptographic material including signatures, salts, and other secrets. Grub2 is affected across multiple Linux distributions including Red Hat Enterprise Linux and SUSE Linux Enterprise. The vulnerability carries a CVSS score of 4.4 with a low EPSS exploitation probability of 0.05% (14th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20158 MEDIUM This Month

A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Video Phone 8875 Firmware Desk Phone 9871 Firmware Desk Phone 9841 Firmware +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-13854 MEDIUM This Month

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Education Addon
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22622 MEDIUM This Month

Age Verification for your checkout page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13336 MEDIUM This Month

The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Disable Auto Updates
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13405 MEDIUM This Month

The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy