Skip to main content
CVE-2025-0627 LOW POC Monitor

The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Taxopress PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-9771 LOW POC Monitor

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Recall
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-22235 HIGH PATCH This Week

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Spring Red Hat
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-3224 HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2015-4582 HIGH This Week

The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Oracle PHP XSS Boot Store
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-27937 HIGH This Week

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-4019 MEDIUM This Month

A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4015 MEDIUM This Month

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Novel Plus
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31144 MEDIUM This Month

Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-4032 LOW POC Monitor

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Aworld
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
2.7%
CVE-2025-4003 MEDIUM This Month

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-4002 MEDIUM This Month

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-11922 MEDIUM This Month

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Goanywhere Managed File Transfer
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2022-41871 MEDIUM This Month

SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Seppmail
NVD
CVSS 3.1
6.0
EPSS
1.0%
CVE-2025-3706 MEDIUM This Month

The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-10635 MEDIUM This Month

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-43857 MEDIUM PATCH This Month

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Red Hat Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.5%
CVE-2025-32472 MEDIUM This Month

The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2025-4016 MEDIUM This Month

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Novel Plus
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-39367 MEDIUM This Month

Missing Authorization vulnerability in SeventhQueen Kleo.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3997 MEDIUM This Month

A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4006 MEDIUM This Month

A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4011 MEDIUM This Month

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4000 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oa Web Application System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3999 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2.jsp of the component URL Parameter Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oa Web Application System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-35817 MEDIUM This Month

DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Devexpress
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-32499 MEDIUM This Month

Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Project Center
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-42404 MEDIUM This Month

OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Java Workspace
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2025-4001 MEDIUM This Month

A vulnerability has been found in scipopt scip up to 9.2.1 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-23377 MEDIUM This Month

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Powerprotect Data Manager
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-32471 LOW Monitor

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2023-35814 LOW Monitor

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.6%
CVE-2023-35816 LOW Monitor

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-35815 LOW Monitor

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-0049 LOW Monitor

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Goanywhere Managed File Transfer
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-46614 LOW Monitor

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-46327 LOW PATCH Monitor

gosnowflake is the Snowflake Golang driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Gosnowflake macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46326 LOW PATCH Monitor

snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46328 LOW PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43854 LOW PATCH Monitor

DIFY is an open-source LLM app development platform. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dify
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2025-23376 LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti Powerprotect Data Manager
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-12706 LOW Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
2.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy