Skip to main content
CVE-2025-6522 MEDIUM This Month

Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.

Command Injection
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-53318 MEDIUM This Month

Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-38007 MEDIUM This Month

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53265 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Elena Yamshikova Virusdie allows Cross Site Request Forgery. This issue affects Virusdie: from n/a through 1.1.3.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53263 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4.

Google CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53262 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic allows Cross Site Request Forgery. This issue affects Writesonic: from n/a through 1.0.4.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-41418 MEDIUM This Month

Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.

Buffer Overflow
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6705 MEDIUM PATCH This Month

CVE-2025-6705 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Open Vsx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53322 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Authorize.NET Payments Using Contact Form 7: from n/a through 2.5.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53309 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Stripe Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Stripe Payments Using Contact Form 7: from n/a through 3.0.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53211 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder allows Retrieve Embedded Sensitive Data. This issue affects Audio Editor & Recorder: from n/a through 2.2.3.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53304 MEDIUM This Month

CVE-2025-53304 is a security vulnerability (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53295 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in iCount iCount Payment Gateway (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-53255 MEDIUM This Month

Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6773 MEDIUM PATCH This Month

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. It is possible to launch the attack on the local host. The identifier of the patch is 60777d535b719631680bcf5d0969bdef79ca4eaf. It is recommended to apply a patch to fix this issue.

File Upload Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46707 MEDIUM This Month

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

Information Disclosure Ddk
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-53298 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gioni Plugin Inspector allows Path Traversal. This issue affects Plugin Inspector: from n/a through 1.5.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-32281 MEDIUM This Month

Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53266 MEDIUM This Month

Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53323 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53293 MEDIUM This Month

Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53288 MEDIUM This Month

Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53200 MEDIUM This Month

Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46708 MEDIUM This Month

CVE-2025-46708 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ddk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53327 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53273 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53272 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53270 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53269 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53268 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53267 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53264 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53261 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53254 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53203 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53197 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53193 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through 2.0.6.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5936 MEDIUM This Month

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF Vr Calendar PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy