Skip to main content
CVE-2025-26703 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. [CVSS 4.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27436 MEDIUM This Month

The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. [CVSS 4.3 MEDIUM]

RCE
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27433 MEDIUM This Month

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. [CVSS 4.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26656 MEDIUM This Month

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28876 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28868 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28867 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28866 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28864 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28863 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28862 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28859 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28856 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54026 MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. [CVSS 4.3 MEDIUM]

Fortinet SQLi
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28941 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28940 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28927 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28913 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28912 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28910 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28909 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28902 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28887 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28886 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28884 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28881 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-33501 MEDIUM This Month

SQL injection flaws in Fortinet's FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData allow an authenticated attacker with elevated privileges to inject malicious commands through specially crafted requests. The vulnerability affects specific versions of these management and analytics platforms (7.4.0-7.4.2 and earlier 7.2.x versions). A privileged attacker could exploit this to execute unauthorized code or commands on the affected system, potentially compromising the security infrastructure these tools are meant to protect.

Fortinet SQLi
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23185 MEDIUM This Month

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. [CVSS 4.1 MEDIUM]

Information Disclosure SAP
NVD
CVSS 3.1
4.1
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy