Skip to main content
CVE-2025-12547 LOW POC Monitor

LogicalDOC Community Edition up to 9.2.1 fails to implement rate limiting on the admin login page (/login.jsp), allowing remote attackers to conduct brute-force authentication attacks with high complexity but difficult exploitability. Publicly available exploit code exists, though the vendor has not responded to early disclosure notification, and real-world exploitation risk remains low given the EPSS score of 0.16% and high attack complexity.

Information Disclosure Logicaldoc
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.2%
CVE-2025-12546 LOW POC Monitor

Stored cross-site scripting (XSS) in LogicalDOC Community Edition up to 9.2.1 allows authenticated users to inject malicious scripts via the API Key creation UI, affecting the integrity of user data and potentially enabling credential theft or session hijacking. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), but publicly available exploit code exists and the vendor has not responded to early disclosure notification.

XSS Logicaldoc
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-64350 LOW Monitor

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-64352 LOW Monitor

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.

Authentication Bypass Elementor
NVD
CVSS 3.1
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy