Skip to main content
CVE-2025-32270 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery.51.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32269 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32268 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery.9.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32267 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media - WordPress to Hootsuite allows Cross Site Request Forgery.5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32266 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) allows Cross Site Request Forgery.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32265 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32264 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32263 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32262 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery.2.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32261 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-42208 LOW Monitor

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-3191 LOW Monitor

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the <iframe> tag. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-3265 MEDIUM POC This Week

A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-29477 MEDIUM POC This Month

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event. Rated medium severity (CVSS 5.5). Public exploit code available and no vendor patch available.

Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-3258 MEDIUM POC This Week

A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3255 MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Admintwo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3254 MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Admintwo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-3250 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Eladmin
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3249 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.2%
CVE-2025-3244 MEDIUM POC This Month

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3242 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3239 MEDIUM POC This Week

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3238 MEDIUM POC This Week

A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1865 HIGH This Month

The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3220 MEDIUM POC This Week

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3215 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3086 MEDIUM This Month

Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-2317 HIGH This Month

The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2279 MEDIUM POC This Month

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maps PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-3204 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-24310 MEDIUM Monitor

Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2025-29796 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple Edge iOS
NVD
CVSS 3.1
4.7
EPSS
1.6%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy