Skip to main content
CVE-2025-30642 MEDIUM PATCH This Month

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Denial Of Service Deep Security Agent
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5141 MEDIUM This Month

CVE-2025-5141 is a security vulnerability (CVSS 5.5) that allows low privilege local users. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49872 MEDIUM This Month

Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49864 MEDIUM This Month

Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-40674 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-49877 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid : from n/a through 5.9.5.2.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-49868 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-6069 MEDIUM PATCH This Month

CVE-2025-6069 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Denial Of Service Debian Ubuntu Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-47866 MEDIUM PATCH This Month

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.

File Upload Apex Central
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3880 MEDIUM PATCH This Month

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49880 MEDIUM This Month

Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49857 MEDIUM This Month

Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49874 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in tychesoftwares Arconix FAQ (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49865 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49856 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48111 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6199 LOW PATCH Monitor

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Information Disclosure Gdkpixbuf
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-45526 LOW Monitor

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service. NOTE: this is disputed by multiple parties because a large amount of memory and CPU resources is expected to be needed for content of that size.

Denial Of Service
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-45525 LOW Monitor

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-49843 LOW PATCH Monitor

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write access beyond the intended user/owner. This violates the principle of least privilege, which mandates restricting file permissions to the minimum necessary. An attacker could exploit this to access configuration files in shared hosting environments. This issue has been patched in version 3.47.1.

Privilege Escalation
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-4754 LOW PATCH Monitor

A security vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking (CVSS 2.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-49824 LOW PATCH Monitor

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.

Oracle Information Disclosure
NVD GitHub
CVSS 4.0
1.7
EPSS
0.1%
CVE-2025-49842 LOW PATCH Monitor

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.

Privilege Escalation Docker
NVD GitHub
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-49823 NONE PATCH Awaiting Data

(conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.

Command Injection
NVD GitHub
EPSS
0.0%
CVE-2025-3494 Awaiting Data

Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue. No vendor patch available.

Information Disclosure
NVD
CVE-2025-3493 Awaiting Data

Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52445 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52444 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52443 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52442 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52441 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52440 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52439 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52438 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-52437 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45380 Awaiting Data

Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45069 Awaiting Data

Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45065 Awaiting Data

Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. No vendor patch available.

Information Disclosure
NVD
CVE-2024-43422 Awaiting Data

Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. No vendor patch available.

Information Disclosure
NVD
CVE-2024-21856 LOW Monitor

Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. Rated low severity (CVSS -1.0). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
-1.0
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy