Skip to main content
CVE-2025-32213 MEDIUM This Month

Missing Authorization vulnerability in flothemesplugins Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.0.43. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-43037 MEDIUM This Month

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Maximo Application Suite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32212 MEDIUM This Month

Missing Authorization vulnerability in Specia Theme Specia Companion allows Exploiting Incorrectly Configured Access Control Security Levels.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32210 MEDIUM This Month

Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes allows Exploiting Incorrectly Configured Access Control Security Levels.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2719 MEDIUM This Month

The Swatchly - WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32215 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Stored XSS.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-22471 MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32214 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Stored XSS.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32199 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32198 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy.6.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-10894 MEDIUM This Month

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-32216 MEDIUM This Month

Missing Authorization vulnerability in Spider Themes Spider Elements - Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.6.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-32391 MEDIUM PATCH This Month

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hedgedoc
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-11129 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-29918 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29917 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29916 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-38865 MEDIUM This Month

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
6.0
EPSS
0.8%
CVE-2025-32027 MEDIUM PATCH This Month

Yii is an open source PHP web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Yii
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-22374 MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2025-31411 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.5.12. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-32139 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bradvin FooBox Image Lightbox .7.33. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-0539 MEDIUM This Month

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft SSRF Octopus Server Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-29088 MEDIUM PATCH This Month

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Sqlite Red Hat Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-32221 MEDIUM This Month

Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-25197 MEDIUM PATCH This Month

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30148 MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-42007 MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-32259 MEDIUM This Month

Missing Authorization vulnerability in Alimir WP ULike.7.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-22232 MEDIUM This Month

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Java Red Hat
NVD HeroDevs
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-32260 MEDIUM This Month

Missing Authorization vulnerability in Detheme DethemeKit For Elementor.1.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-26480 MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13909 MEDIUM This Month

The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-32728 MEDIUM PATCH This Month

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure SSH Openssh Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-32383 MEDIUM PATCH This Month

MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Maxkb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32228 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32230 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32236 MEDIUM This Month

Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort - Sortable, Rearrange Products Vagonic.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32227 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32275 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing.1.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32282 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-43035 MEDIUM This Month

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Control Center
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-23378 LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-26479 LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Dell Powerscale Onefs
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-29989 LOW Monitor

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Precision 5820 Tower Firmware Precision 7820 Tower Firmware Precision 7920 Tower Firmware +1
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-32205 LOW Monitor

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms.0.30. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2025-24866 LOW PATCH Monitor

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-32700 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD
CVSS 4.0
2.3
EPSS
0.5%
CVE-2025-32698 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-32699 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy