Skip to main content
CVE-2025-47664 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery.4.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-20958 MEDIUM This Month

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-47591 MEDIUM This Month

Missing Authorization vulnerability in CreedAlly Bulk Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20151 MEDIUM This Month

A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe Sd Wan
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3851 MEDIUM This Month

The Download Manager and Payment Form WordPress Plugin - WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47692 MEDIUM This Month

Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47528 MEDIUM This Month

Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47471 MEDIUM This Month

Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels.9.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47467 MEDIUM This Month

Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20956 MEDIUM This Month

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wear Os Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47633 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin - Advertiser Tracking for WooCommerce allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47624 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47681 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access allows Cross Site Request Forgery.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47674 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47647 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47614 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47609 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect allows Cross Site Request Forgery.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47606 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways allows Cross Site Request Forgery.48.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47597 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47596 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture allows Cross Site Request Forgery.5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47594 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47590 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSpeed allows Cross Site Request Forgery.6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47551 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47543 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery.0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47542 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery.6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47523 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery.4.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47519 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events allows Cross Site Request Forgery.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47470 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery.9.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47468 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery.2.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47459 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fundraising Donation and Crowdfunding Platform allows Cross Site Request Forgery.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47451 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47448 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47447 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47446 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery.3.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32441 MEDIUM PATCH This Month

Rack is a modular Ruby web server interface. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Information Disclosure Race Condition Rack Red Hat Suse
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-20962 MEDIUM This Month

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-20960 MEDIUM This Month

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-20980 MEDIUM This Month

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android Samsung
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-20223 MEDIUM Monitor

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Center
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2025-20221 MEDIUM This Month

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20216 MEDIUM Monitor

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-20214 MEDIUM Monitor

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20213 MEDIUM This Month

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20201 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20200 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20199 MEDIUM Monitor

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-20198 MEDIUM Monitor

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-20197 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20196 MEDIUM This Month

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Cgr1000 Firmware +5
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-20195 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple CSRF Cisco Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy