Skip to main content
CVE-2025-6347 LOW POC Monitor

A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-52710 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50027 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup allows Stored XSS. This issue affects Login/Signup Popup: from n/a through 2.9.4.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50026 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50025 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50024 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50023 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embed Block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through 1.1.1.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50022 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50021 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Better Random Redirect allows Stored XSS. This issue affects Better Random Redirect: from n/a through 1.3.20.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50020 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitin Yawalkar RDFa Breadcrumb allows Stored XSS. This issue affects RDFa Breadcrumb: from n/a through 2.3.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50019 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandor Kovacs Simple Sticky Footer allows Stored XSS. This issue affects Simple Sticky Footer : from n/a through 1.3.5.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50018 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium allows Stored XSS. This issue affects Tealium: from n/a through 2.1.17.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50017 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest allows Stored XSS. This issue affects WP Voting Contest: from n/a through 5.8.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50016 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.2.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50015 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk allows Stored XSS. This issue affects Hand Talk: from n/a through 6.0.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50014 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand allows Stored XSS. This issue affects PDPA Consent for Thailand: from n/a through 1.1.1.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50013 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50012 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser allows Stored XSS. This issue affects Inventory Presser: from n/a through 15.0.0.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-50011 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-32875 MEDIUM This Month

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.

Authentication Bypass Google Android
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-50054 MEDIUM PATCH This Month

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

Buffer Overflow Heap Overflow Ovpn Dco Win
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-50009 MEDIUM This Month

Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-50008 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49998 MEDIUM This Month

Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-50010 MEDIUM This Month

Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49996 MEDIUM This Month

A security vulnerability in osama (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49991 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in tggfref WP-Recall (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49988 MEDIUM This Month

Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49997 MEDIUM This Month

Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49995 MEDIUM This Month

CVE-2025-49995 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49993 MEDIUM This Month

Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49990 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in contentstudio ContentStudio (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49989 MEDIUM This Month

Missing Authorization vulnerability in App Cheap App Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Builder: from n/a through 5.5.3.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49987 MEDIUM This Month

Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49986 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in thanhtungtnt Video List Manager (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32753 MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

SQLi Information Disclosure Denial Of Service Dell Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-49985 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upload Images allows Server Side Request Forgery. This issue affects Auto Upload Images: from n/a through 3.3.2.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-49984 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-49983 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through 0.10.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-5963 MEDIUM This Month

The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. The original company behind Postbox is no longer operational, the software will no longer receive updates. The acquiring company (em Client) did not cooperate in vulnerability disclosure.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-5255 MEDIUM This Month

The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da

Apple Privilege Escalation macOS
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-38083 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

Race Condition Information Disclosure Linux
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-49978 MEDIUM This Month

CVE-2025-49978 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49969 MEDIUM This Month

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-52719 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3228 MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

Authentication Bypass Debian Mattermost Server Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3227 MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel.

Authentication Bypass Debian Mattermost Server Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49982 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in aguilatechnologies WP Customer Area (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49976 MEDIUM This Month

Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49974 MEDIUM This Month

A security vulnerability in a Project Management (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy