Skip to main content
CVE-2025-0627 LOW POC Monitor

The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Taxopress PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-9771 LOW POC Monitor

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Recall
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-4032 LOW POC Monitor

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Aworld
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
2.7%
CVE-2025-32471 LOW Monitor

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2023-35814 LOW Monitor

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.6%
CVE-2023-35816 LOW Monitor

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-35815 LOW Monitor

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-0049 LOW Monitor

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Goanywhere Managed File Transfer
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-46614 LOW Monitor

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-46327 LOW PATCH Monitor

gosnowflake is the Snowflake Golang driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Gosnowflake macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46326 LOW PATCH Monitor

snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46328 LOW PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Apple Information Disclosure Snowflake Connector macOS
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43854 LOW PATCH Monitor

DIFY is an open-source LLM app development platform. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dify
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2025-23376 LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti Powerprotect Data Manager
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-12706 LOW Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy