Skip to main content
CVE-2025-46546 LOW Monitor

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Sherpa Orchestrator
NVD GitHub
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-46618 LOW Monitor

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-3635 LOW PATCH Monitor

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-3637 LOW PATCH Monitor

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

CSRF Moodle
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2024-57375 LOW Monitor

Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
2.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy