Skip to main content
CVE-2025-8595 MEDIUM Monitor

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54628 MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54626 MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54625 MEDIUM This Month

Race condition vulnerability in the kernel file system module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54624 MEDIUM This Month

Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-8656 MEDIUM This Month

Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-8655 MEDIUM This Month

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8652 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8651 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8650 MEDIUM This Month

Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8649 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8648 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8647 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8646 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8645 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8644 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8643 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8642 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8641 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8640 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8639 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8638 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8637 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8636 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8635 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8634 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8633 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8632 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8631 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8630 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8629 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8628 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-6259 MEDIUM This Month

The esri-map-view plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's esri-map-view shortcode in all versions up to, and including, 1.2.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-54623 MEDIUM This Month

Out-of-bounds read vulnerability in the devicemanager module. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54621 MEDIUM This Month

Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54879 MEDIUM PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mastodon
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54876 MEDIUM This Month

The Janssen Project is an open-source identity and access management (IAM) platform. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54869 MEDIUM PATCH This Month

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-54571 MEDIUM POC PATCH This Week

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Apache XSS Modsecurity Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy