Skip to main content
CVE-2025-28910 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28909 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28902 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28887 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28886 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28884 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28881 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-33501 MEDIUM This Month

SQL injection flaws in Fortinet's FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData allow an authenticated attacker with elevated privileges to inject malicious commands through specially crafted requests. The vulnerability affects specific versions of these management and analytics platforms (7.4.0-7.4.2 and earlier 7.2.x versions). A privileged attacker could exploit this to execute unauthorized code or commands on the affected system, potentially compromising the security infrastructure these tools are meant to protect.

Fortinet SQLi
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23185 MEDIUM This Month

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. [CVSS 4.1 MEDIUM]

Information Disclosure SAP
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-27397 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. [CVSS 3.8 LOW]

Path Traversal Siemens
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2024-55592 LOW Monitor

An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. [CVSS 3.8 LOW]

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2024-41760 LOW Monitor

IBM's cryptographic software (versions 7.0.0-7.5.51) has a timing-based weakness that leaks information during RSA encryption operations, allowing attackers to potentially recover sensitive cryptographic keys or data by measuring how long operations take to complete. This affects organizations using IBM Common Cryptographic Architecture for security operations. An attacker with the ability to measure response times could exploit this flaw to gradually deduce private key information used in RSA encryption.

IBM Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-27430 LOW Monitor

Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. [CVSS 3.5 LOW]

RCE
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-0900 LOW Monitor

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. [CVSS 3.3 LOW]

Information Disclosure
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2025-26655 LOW Monitor

SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. [CVSS 3.1 LOW]

Authentication Bypass SAP
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-28607 LOW Monitor

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. [CVSS 2.9 LOW]

Node.js SSRF
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-27398 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-2191 LOW Monitor

A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. [CVSS 2.4 LOW]

XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2213 LOW Monitor

A vulnerability was found in Castlenet CBW383G2N versions up to 20250301. is affected by cross-site scripting (xss) (CVSS 2.4).

XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2212 LOW Monitor

A vulnerability was found in Castlenet CBW383G2N versions up to 20250301. is affected by cross-site scripting (xss) (CVSS 2.4).

XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-27432 LOW Monitor

The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. [CVSS 2.4 LOW]

Authentication Bypass SAP
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-27101 Monitor

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal file...

Path Traversal
NVD GitHub
EPSS
0.4%
CVE-2025-22368 This Week

The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-22367 This Week

The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-22366 This Week

The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-22370 This Week

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.

RCE SQLi
NVD
EPSS
0.3%
CVE-2025-27403 PATCH This Week

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure ...

Kubernetes
NVD GitHub
EPSS
0.2%
CVE-2025-22369 Monitor

The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.

Path Traversal Information Disclosure
NVD
EPSS
0.2%
CVE-2025-22213 This Week

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

PHP
NVD
EPSS
0.1%
CVE-2025-27792 This Week

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referrer header can be dropped from CSRF requests using `<meta name="referrer" content="never">`, effecti...

CSRF
NVD GitHub
EPSS
0.1%
CVE-2025-2189 Monitor

This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware.

Information Disclosure
NVD
EPSS
0.0%
CVE-2024-12546 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 7 of 7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy