Skip to main content
CVE-2025-2339 MEDIUM POC This Month

A vulnerability was found in otale Tale Blog 2.0.5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tale Blog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2345 CRITICAL Act Now

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-1621 MEDIUM POC This Month

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1620 MEDIUM POC This Month

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1619 MEDIUM POC This Month

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13602 MEDIUM POC This Month

The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Poll Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-2340 MEDIUM POC This Month

A vulnerability was found in otale Tale Blog 2.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tale Blog
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-13126 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Authentication Bypass Path Traversal Download Manager
NVD WPScan
CVSS 3.1
4.6
EPSS
0.6%
CVE-2025-30074 HIGH This Week

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. Rated high severity (CVSS 7.8). No vendor patch available.

Apple Intel Authentication Bypass Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49737 HIGH PATCH This Week

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable.

Information Disclosure Suse
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-30076 HIGH This Week

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-2343 HIGH This Week

A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-1624 LOW POC Monitor

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-1623 LOW POC Monitor

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-2342 MEDIUM This Month

A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2344 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2351 MEDIUM This Month

A vulnerability classified as critical was found in DayCloud StudentManage 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2346 MEDIUM This Month

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-30077 MEDIUM PATCH This Month

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-2337 LOW POC PATCH Monitor

A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-2338 LOW POC PATCH Monitor

A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-58103 MEDIUM PATCH This Month

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-2350 MEDIUM This Month

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Fx2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2348 MEDIUM This Month

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fx2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2347 MEDIUM This Month

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fx2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2335 MEDIUM This Month

A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2352 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Starsea Mall
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-24856 MEDIUM PATCH This Month

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-1622 LOW Monitor

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-2341 LOW Monitor

A vulnerability was found in IROAD Dash Cam X5 up to 20250203. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-2349 LOW Monitor

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Fx2 Firmware
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy