Skip to main content
CVE-2025-32635 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32594 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events allows Retrieve Embedded Sensitive Data.8.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-32544 HIGH This Week

Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers allows Accessing Functionality Not Properly Constrained by ACLs.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3509 HIGH This Week

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
7.1
EPSS
2.3%
CVE-2025-39532 HIGH This Week

Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.0.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-26968 HIGH This Week

Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1525 LOW POC Monitor

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Dashboard PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-1524 LOW POC Monitor

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Dashboard PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-1523 LOW POC Monitor

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Dashboard PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-11924 LOW POC Monitor

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Express
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-32596 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-26268 LOW POC PATCH Monitor

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Dragonfly
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-26269 LOW POC PATCH Monitor

DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Dragonfly
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-43708 LOW POC Monitor

VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Visicut
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-39535 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse.1.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-2947 HIGH This Week

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-29181 HIGH This Week

FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Foxcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-29180 HIGH This Week

In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Foxcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-22651 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-39583 HIGH This Week

Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels.12.10.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32620 HIGH This Week

Missing Authorization vulnerability in fromdoppler Doppler Forms allows Exploiting Incorrectly Configured Access Control Security Levels.4.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-25234 HIGH This Week

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cors Misconfiguration Unified Access Gateway
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39594 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS.7.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39567 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS.7.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39558 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS.1.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39521 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Reflected XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39519 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtpHarry Bulk Page Stub Creator allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39464 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar allows Reflected XSS.9.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39432 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-39420 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button allows Stored XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32674 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32670 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS.3.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32666 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32653 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lee Blue Cart66 Cloud allows Reflected XSS.3.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32651 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS.net: from n/a through 4.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32649 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32646 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS.2.70. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32639 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite allows Reflected XSS.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32638 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS.4.39. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32637 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ketanajani WP Donate allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32634 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP allows Reflected XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32630 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32628 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Crowdfunding for WooCommerce allows Reflected XSS.1.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32625 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32622 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in allows Reflected XSS.0.58. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32615 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal allows Reflected XSS.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32613 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.3.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32611 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in We Are De WooCommerce TBC Credit Card Payment Gateway (Free) allows Reflected XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32609 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32608 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation allows Reflected XSS.0.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy