Skip to main content
CVE-2025-5082 MEDIUM This Month

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-47295 LOW Monitor

A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Fortinet Fortios
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-47294 MEDIUM This Month

A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fortinet Fortios
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-46777 LOW Monitor

A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiportal
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2025-27528 CRITICAL PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-27526 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-27522 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-25251 HIGH This Month

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24473 LOW Monitor

A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Fortinet Forticlient Windows
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-22252 CRITICAL CERT-EU This Week

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-54020 LOW Monitor

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortimanager
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2025-5025 MEDIUM POC PATCH Monitor

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-4947 MEDIUM POC PATCH This Week

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4800 HIGH This Month

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
1.6%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-25029 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25026 MEDIUM Monitor

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25025 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy