Skip to main content
CVE-2025-1429 HIGH This Week

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1428 HIGH This Week

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1427 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-2265 HIGH This Week

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-10942 HIGH This Week

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2025-2271 HIGH This Week

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-8402 LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-2106 HIGH This Week

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-1119 HIGH This Week

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2025-2284 HIGH This Week

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-2107 HIGH This Week

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2277 HIGH This Week

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1561 HIGH PATCH This Week

The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Apppresser PHP
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-25175 HIGH This Week

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Simcenter Femap
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-24053 HIGH This Week

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Dataverse
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-13054 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2024-7296 LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2024-57062 MEDIUM This Month

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Privilege Escalation Soundcloud
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1636 MEDIUM This Month

Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Hashicorp Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1635 MEDIUM This Month

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1767 MEDIUM PATCH This Month

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2278 MEDIUM This Month

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1257 MEDIUM This Month

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25363 MEDIUM This Month

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian XSS Enterprise Mail Handler
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1559 MEDIUM This Month

The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1503 MEDIUM This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-9042 MEDIUM PATCH This Month

This CVE affects only Windows worker nodes. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-1785 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Denial Of Service Download Manager PHP
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2025-25625 MEDIUM This Month

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S3150 8T2F Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13887 MEDIUM This Month

The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2250 MEDIUM This Month

The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-29768 MEDIUM PATCH This Month

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vim Bootstrap Os Red Hat Suse +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-12380 MEDIUM This Month

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-21104 MEDIUM This Month

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Networker
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30143 MEDIUM This Month

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2104 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Pagelayer PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13703 MEDIUM This Month

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0652 MEDIUM This Month

An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2020-36843 MEDIUM PATCH This Month

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Java Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27496 LOW PATCH Monitor

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Snowflake Jdbc
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-1266 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-12858 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-2275 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy