Skip to main content
CVE-2025-8940 HIGH POC This Month

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-8939 HIGH POC This Month

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-8046 MEDIUM POC This Month

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Injection Guard PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7808 MEDIUM POC This Month

The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS External Store For Shopify PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-6790 MEDIUM Monitor

The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3414 MEDIUM This Month

The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5942 MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-5941 LOW Monitor

Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. Rated low severity (CVSS 2.0). No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-0309 MEDIUM This Month

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2024-7402 HIGH This Month

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle). Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-55199 MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kubernetes Helm Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55198 MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Kubernetes Helm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 7 of 7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy