Skip to main content
CVE-2024-12273 LOW POC Monitor

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Calculated Fields Form
NVD WPScan
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-4085 HIGH PATCH This Week

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-4066 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4065 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4067 MEDIUM This Month

A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4064 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4092 MEDIUM PATCH This Month

Memory safety bugs present in Firefox 137 and Thunderbird 137. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-4086 MEDIUM PATCH This Month

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24251 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31203 MEDIUM This Month

An integer overflow was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Apple
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30445 MEDIUM This Month

A type confusion issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4088 MEDIUM PATCH This Month

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2893 MEDIUM PATCH This Month

The Gutenverse - Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutenverse PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46552 MEDIUM This Month

KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-1551 MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-4082 MEDIUM PATCH This Month

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla Apple
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-4084 MEDIUM PATCH This Month

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Mozilla
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-24179 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-31197 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-24270 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-23179 MEDIUM This Month

CWE-798: Use of Hard-coded Credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31202 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-58099 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24271 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3910 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Build Of Keycloak Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4090 MEDIUM PATCH This Month

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4075 MEDIUM This Month

A vulnerability was found in VMSMan up to 20250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3929 MEDIUM This Month

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3911 MEDIUM This Month

Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords,. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-40616 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Bookgy
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-40615 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Bookgy
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4089 MEDIUM PATCH This Month

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-46343 MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 5.0). This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-46344 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
4.9
EPSS
0.3%
CVE-2025-4087 MEDIUM PATCH This Month

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-0716 MEDIUM This Month

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat
NVD HeroDevs
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-4035 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3452 MEDIUM PATCH This Month

The SecuPress Free - WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Secupress PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4095 MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker macOS
NVD
CVSS 4.0
4.3
EPSS
0.1%
CVE-2025-46330 LOW PATCH Monitor

libsnowflakeclient is the Snowflake Connector for C/C++. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Connector For C C
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-46329 LOW PATCH Monitor

libsnowflakeclient is the Snowflake Connector for C/C++. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Connector For C C
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-3301 LOW Monitor

DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. Rated low severity (CVSS 1.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
1.0
EPSS
0.2%
CVE-2025-3358 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46761 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46760 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46759 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46758 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46757 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46756 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46755 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy