Skip to main content
CVE-2025-27796 MEDIUM PATCH This Month

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow Graphicsmagick Suse
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-27795 MEDIUM PATCH This Month

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Graphicsmagick Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13635 MEDIUM This Month

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13552 MEDIUM This Month

The SupportCandy - Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass File Upload
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25617 MEDIUM This Month

Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13526 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventprime
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0748 MEDIUM This Month

The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26708 MEDIUM This Month

There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2024-53699 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-53697 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Quts Hero Qts
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-38638 LOW Monitor

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Memory Corruption Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-53698 LOW Monitor

A double free vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-12975 LOW Monitor

A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-21837 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy