Skip to main content
CVE-2025-58014 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery.7.0.61. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58010 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery.0.06. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57992 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57970 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo allows Cross Site Request Forgery.8.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57934 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation allows Cross Site Request Forgery.3.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57933 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery.0.30. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57930 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57927 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery.42. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57924 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57915 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery.BE: from n/a through 1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57914 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57905 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53456 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery.6.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58012 LOW Monitor

Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels.8.5.2. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-58009 LOW Monitor

Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.4.32. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-10776 LOW Monitor

A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-59526 LOW PATCH Monitor

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-10777 LOW Monitor

A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10787 LOW Monitor

A vulnerability was found in MuYuCMS up to 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10774 LOW Monitor

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-43814 MEDIUM PATCH This Month

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-43810 MEDIUM PATCH This Month

Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-43806 MEDIUM PATCH This Month

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-59532 HIGH PATCH This Month

Codex CLI is a coding agent from OpenAI that runs locally. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-57205 MEDIUM POC This Month

iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS School Express
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57204 MEDIUM POC This Month

Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Stocky
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47910 MEDIUM PATCH This Month

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-10815 HIGH This Month

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-59434 CRITICAL This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-59433 MEDIUM PATCH This Month

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-59432 MEDIUM PATCH This Month

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Red Hat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-57203 MEDIUM Monitor

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Magicai
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-59430 HIGH PATCH This Month

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-57958 MEDIUM This Month

Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-57901 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53459 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-36064 MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure Sterling Connect Windows
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-59420 HIGH POC PATCH This Month

Authlib is a Python library which builds OAuth and OpenID Connect servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Privilege Escalation Authlib Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59418 MEDIUM This Month

BunnyPad is a note taking software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-57438 MEDIUM POC This Week

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ip 4C Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-55886 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43953 HIGH This Month

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59335 HIGH POC PATCH This Month

CubeCart is an ecommerce software solution. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Cubecart
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-57682 MEDIUM This Month

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papermark
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-57605 HIGH This Month

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57602 CRITICAL This Week

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-57601 CRITICAL This Week

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-57433 MEDIUM POC This Week

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ip 4C Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36202 HIGH This Month

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Webmethods Integration
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-36037 MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy