Skip to main content
CVE-2025-64329 MEDIUM PATCH This Month

containerd is an open-source container runtime. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Containerd Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-4522 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Idonate PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4519 HIGH PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Privilege Escalation Idonate PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12352 CRITICAL This Week

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-64323 MEDIUM PATCH This Month

kgateway is a Cloud-Native API and AI Gateway. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64187 MEDIUM PATCH Monitor

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

XSS Octoprint
NVD GitHub
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-64184 HIGH PATCH This Month

Dosage is a comic strip downloader and archiver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-64180 CRITICAL This Week

Manager-io/Manager is accounting software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-5483 HIGH This Month

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-11546 CRITICAL This Week

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-52662 MEDIUM POC PATCH This Week

A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Devtools
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-48985 LOW PATCH Monitor

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Ai Vercel
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-12789 MEDIUM This Month

A flaw was found in Red Hat Single Sign-On. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy