Skip to main content
CVE-2025-41336 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41335 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-12695 MEDIUM This Month

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-12682 CRITICAL This Week

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-41114 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41113 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41112 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41111 HIGH This Month

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Canaldenuncia App
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-12493 CRITICAL This Week

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +21 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE Path Traversal PHP +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-12045 MEDIUM This Month

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-11690 HIGH This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-20749 MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20748 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20747 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20746 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20745 MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Use After Free Privilege Escalation +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20744 MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20743 MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20742 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-20741 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20740 MEDIUM Monitor

In wlan STA driver, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Information Disclosure Software Development Kit
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20739 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20738 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20737 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20736 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20735 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20734 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20733 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20732 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20731 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20730 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto Rdk B Android +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20729 MEDIUM Monitor

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20728 HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20727 HIGH This Month

In Modem, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +3
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-20726 HIGH This Month

In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Lr12a Nr15 +3
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-20725 HIGH This Month

In ims service, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-12683 MEDIUM This Month

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Privilege Escalation
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-12456 MEDIUM This Month

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12452 MEDIUM This Month

The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12416 MEDIUM This Month

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12415 MEDIUM This Month

The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12413 MEDIUM This Month

The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12412 MEDIUM This Month

The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12410 MEDIUM This Month

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12403 MEDIUM This Month

The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12402 MEDIUM This Month

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12400 MEDIUM This Month

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12396 MEDIUM Monitor

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12393 MEDIUM Monitor

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12389 MEDIUM Monitor

The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy