Skip to main content
CVE-2024-13672 MEDIUM PATCH This Month

The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mini Course Generator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13455 MEDIUM PATCH This Month

The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Igumbi
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13461 MEDIUM PATCH This Month

The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Autoship Cloud
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1407 MEDIUM This Month

The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteam_skills shortcode in all versions up to, and including, 1.1.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Amo Team Showcase PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1406 MEDIUM This Month

The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13751 MEDIUM This Month

The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS 3D Photo Gallery
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13388 MEDIUM This Month

The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbdtooltip_text' shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Tcbd Tooltip
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13379 MEDIUM This Month

The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS C9 Admin Dashboard
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-27104 LOW POC PATCH Monitor

vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-27105 LOW POC PATCH Monitor

vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Vyper
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-0838 MEDIUM PATCH This Month

There exists a heap buffer overflow vulnerable in Abseil-cpp. Rated medium severity (CVSS 5.9). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Common Libraries Debian Linux Red Hat +1
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2025-1001 MEDIUM This Month

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2024-55156 MEDIUM This Month

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45673 MEDIUM This Month

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Security Verify Bridge Directory Sync Security Verify Gateway For Radius +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13537 MEDIUM This Month

The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP C9 Blocks
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-1402 MEDIUM This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Event Tickets PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-0728 MEDIUM PATCH This Month

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0727 MEDIUM PATCH This Month

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13818 MEDIUM This Month

The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1544 MEDIUM This Month

A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12276 MEDIUM PATCH This Month

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

WordPress SQLi Ultimate Member
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1537 MEDIUM This Month

A vulnerability was found in Harpia DiagSystem 12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1470 MEDIUM PATCH This Month

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Omr
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-38657 MEDIUM This Month

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-13846 MEDIUM This Month

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Ultimate Learning Pro
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2020-6158 MEDIUM This Month

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-13883 MEDIUM This Month

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-55159 MEDIUM This Month

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-13900 MEDIUM PATCH This Month

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable.

RCE WordPress PHP Code Injection Head Footer And Post Injections
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2025-26622 LOW PATCH Monitor

vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Vyper
NVD GitHub
CVSS 4.0
2.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy