Skip to main content
CVE-2025-1769 MEDIUM PATCH This Month

The Product Import Export for WooCommerce - Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Product Import Export For Woocommerce PHP
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-39163 MEDIUM This Month

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Request Smuggling XSS Cognos Controller Controller
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-29322 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-20227 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24972 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24808 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Race Condition Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2276 MEDIUM This Month

The Ultimate Dashboard - Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20230 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Secure Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30164 MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Icinga Web 2 Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-27552 MEDIUM This Month

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-27551 MEDIUM This Month

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-2825 POC CERT-EU This Week

Rejected reason: DO NOT USE THIS CVE RECORD. No vendor patch available.

Information Disclosure
NVD
CVE-2025-2528 LOW Monitor

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the. Rated low severity (CVSS 3.6). No vendor patch available.

Microsoft Authentication Bypass Remote Desktop Manager Windows
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2025-31160 LOW Monitor

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
2.9
EPSS
0.1%
CVE-2025-1911 LOW PATCH Monitor

The Product Import Export for WooCommerce - Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Product Import Export For Woocommerce PHP
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-20233 LOW Monitor

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute. Rated low severity (CVSS 2.5). No vendor patch available.

Python Information Disclosure Splunk App For Lookup File Editing Splunk
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-2596 LOW Monitor

Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL). Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-27609 LOW Monitor

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated low severity (CVSS 1.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Icinga Web 2
NVD GitHub
CVSS 4.0
1.1
EPSS
0.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-20226 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-55963 MEDIUM POC THREAT This Week

An issue was discovered in Appsmith before 1.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.2%.

Authentication Bypass Denial Of Service Appsmith
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
25.2%
CVE-2025-26004 CRITICAL This Week

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tlr 2005Ksh Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-2783 HIGH POC KEV PATCH THREAT Act Now

Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025.

Microsoft Google Information Disclosure Chrome Windows +1
NVD Exploit-DB
CVSS 3.1
8.3
EPSS
35.6%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy