Skip to main content
CVE-2025-4594 MEDIUM PATCH This Month

The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tournamatch PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-48708 MEDIUM PATCH Monitor

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-48701 MEDIUM This Month

openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4692 MEDIUM This Month

Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.9
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy