Skip to main content
CVE-2025-41074 MEDIUM This Month

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-40605 MEDIUM This Month

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Email Security Appliance 5000 Firmware Email Security Appliance 5050 Firmware Email Security Appliance 7000 Firmware Email Security Appliance 7050 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13469 MEDIUM Monitor

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-13434 MEDIUM POC This Month

A weakness has been identified in jameschz Hush Framework 2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hush
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-12778 MEDIUM This Month

The Ultimate Member Widgets for Elementor - WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12502 MEDIUM This Month

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD WPScan
CVSS 3.1
6.8
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy