Skip to main content
CVE-2025-49973 MEDIUM This Month

Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49970 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49981 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in mahabub81 User Roles and Capabilities (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49980 MEDIUM This Month

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49979 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in slui Media Hygiene (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49971 MEDIUM This Month

CVE-2025-49971 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-52711 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid - Visual Drag and Drop Editor: from n/a through 1.27.8.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49977 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49975 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49972 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49968 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49967 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49966 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49965 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49964 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-7586 MEDIUM PATCH This Month

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Gitlab Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-48059 LOW PATCH Monitor

PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls - especially if performed over large network models or filtering operations. This issue has been patched in com.powsybl:powsybl-iidm-criteria 6.7.2.

Denial Of Service
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-52484 LOW PATCH Monitor

A security vulnerability in RISC Zero (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-5416 LOW Monitor

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

Information Disclosure Debian
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-6288 LOW Monitor

A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely.

PHP XSS
NVD VulDB
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-6287 LOW Monitor

A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6301 LOW Monitor

A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy