Skip to main content
CVE-2025-12371 MEDIUM Monitor

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12369 MEDIUM This Month

The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `geojsonmarker` shortcode in all versions up to, and including, 4.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12350 MEDIUM This Month

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-12188 MEDIUM Monitor

The Posts Navigation Links for Sections and Headings - Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12158 CRITICAL This Week

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-12157 MEDIUM This Month

The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12156 MEDIUM Monitor

The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12065 MEDIUM Monitor

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon_js_script' parameter in all versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11890 HIGH This Month

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11812 MEDIUM This Month

The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse_builder_single_post_title' shortcode in all versions up to, and including, 1.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-11753 MEDIUM Monitor

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11724 HIGH This Month

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-47370 MEDIUM This Month

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Csrb31024 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +131
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47368 HIGH This Month

Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware Wcd9380 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47367 HIGH This Month

Memory corruption while accessing a buffer during IOCTL processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qcm6490 Firmware Qcs5430 Firmware Qcs6490 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47365 HIGH This Month

Memory corruption while processing large input data from a remote source via a communication interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47362 MEDIUM This Month

Information disclosure while processing message from client with invalid payload. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Msm8996au Firmware Qam8255p Firmware Qam8295p Firmware +35
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-47361 HIGH This Month

Memory corruption when triggering a subsystem crash with an out-of-range identifier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47360 HIGH This Month

Memory corruption while processing client message during device management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47357 HIGH This Month

Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Qam8255p Firmware Qam8620p Firmware Qam8650p Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-47353 HIGH This Month

Memory corruption while processing request sent from GVM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8650p Firmware Qam8775p Firmware Qamsrv1h Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47352 HIGH This Month

Memory corruption while processing audio streaming operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 7800 Firmware Qcc2072 Firmware Wcd9378c Firmware Wsa8840 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27074 HIGH This Month

Memory corruption while processing a GP command response. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8064au Firmware Csr8811 Firmware Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware +91
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-27070 HIGH This Month

Memory corruption while performing encryption and decryption commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qcs615 Firmware Qcs6490 Firmware Qcs8300 Firmware +171
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27064 MEDIUM This Month

Information disclosure while registering commands from clients with diag through diagHal. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware +74
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12401 MEDIUM This Month

The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-12069 MEDIUM Monitor

The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11008 CRITICAL This Week

The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-11007 CRITICAL This Week

The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-12324 MEDIUM This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-11841 MEDIUM This Month

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-43505 HIGH This Month

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xcode
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43504 MEDIUM Monitor

A buffer overflow was addressed with improved bounds checking. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-43495 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43481 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-43460 MEDIUM Monitor

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43459 MEDIUM Monitor

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Watchos
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43454 HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43452 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43450 HIGH This Month

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43449 HIGH This Month

The issue was addressed with improved handling of caches. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43442 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43439 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43422 MEDIUM Monitor

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43409 MEDIUM This Month

A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43399 HIGH This Month

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43390 MEDIUM This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Intel Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43387 HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43378 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43377 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure macOS iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy