Skip to main content
CVE-2024-7141 MEDIUM This Month

Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-1223 MEDIUM This Month

An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Citrix
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-1222 MEDIUM This Month

An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Citrix
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2024-13849 MEDIUM This Month

The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Cookie Notice Bar
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-21106 MEDIUM This Month

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Recoverpoint For Virtual Machines
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-51338 MEDIUM This Month

PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Meeting Room Booking System
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51337 MEDIUM This Month

PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Event Ticketing System
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49337 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Openpages With Watson
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13520 MEDIUM This Month

The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-1483 MEDIUM PATCH This Month

The LTL Freight Quotes - GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Ltl Freight Quotes PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-24947 MEDIUM This Month

A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24946 MEDIUM This Month

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23020 MEDIUM PATCH This Month

An issue was discovered in Kwik before 0.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-49355 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-49780 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Path Traversal Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27097 MEDIUM PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Denial Of Service Graphql Mesh
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-6696 MEDIUM This Month

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13748 MEDIUM This Month

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Ultimate Classified Listings
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-13855 MEDIUM This Month

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49779 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass CSRF Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-43196 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49344 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Session Fixation Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25299 LOW PATCH Monitor

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 4.0
2.3
EPSS
0.6%
CVE-2024-7131 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-1258 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy