Skip to main content
CVE-2025-31387 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion.1.0.82. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-30835 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion.6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-31103 HIGH This Week

Untrusted data deserialization vulnerability exists in a-blog cms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization A Blog Cms
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-31016 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder allows PHP Local File Inclusion.1.18. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24221 HIGH This Week

This issue was addressed with improved data access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-1449 HIGH This Week

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Information Disclosure
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2025-2586 HIGH This Week

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-30855 HIGH This Week

Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels.0.87.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-24229 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-30437 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-30460 HIGH This Week

A permissions issue was addressed by removing vulnerable code and adding additional checks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2025-3002 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.6%
CVE-2025-31625 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS.0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31615 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms allows Stored XSS.6.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23995 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.0.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-24257 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31623 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31617 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31616 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31613 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31585 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery.1.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31583 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Copy Media URL allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31570 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Posts Widget with Thumbnails allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31569 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS.0.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-31566 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery allows Stored XSS.3.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54533 HIGH This Week

A permissions issue was addressed with additional sandbox restrictions. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2025-31128 MEDIUM PATCH This Month

gifplayer is a customizable jquery plugin to play and stop animated gifs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3047 MEDIUM PATCH This Month

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-3048 MEDIUM PATCH This Month

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-24272 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-31680 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.0.0 before 1.24.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Matomo Analytics Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31683 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google CSRF Google Tag Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31688 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.0.0 before 1.10.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Configuration Split Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31684 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.0.0 before 4.1.3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Oauth2 Client Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31192 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-31693 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.0.0 before 1.0.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Artificial Intelligence
NVD VulDB
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-24194 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-3062 MEDIUM This Month

Vulnerability in Drupal Drupal Admin LTE theme.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Admin Lte Theme Drupal
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-31577 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server.0.8. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-3060 MEDIUM This Month

Vulnerability in Drupal Flattern - Multipurpose Bootstrap Business Profile.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Flattern Drupal
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-3061 MEDIUM This Month

Vulnerability in Drupal Material Admin.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Material Admin Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-30446 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-24198 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-24192 MEDIUM This Month

A script imports issue was addressed with improved isolation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24239 MEDIUM This Month

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-31539 MEDIUM This Month

Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31629 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31624 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LABCAT Processing Projects allows DOM-Based XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31621 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31620 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 4 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy