Skip to main content

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-11936 MEDIUM PATCH This Month

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-11934 LOW PATCH Monitor

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11933 LOW PATCH Monitor

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-11932 LOW PATCH Monitor

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-11931 LOW PATCH Monitor

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Wolfssl
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-65111 LOW PATCH Monitor

SpiceDB is an open source database system for creating and managing security-critical application permissions. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Spicedb
NVD GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-65109 HIGH PATCH This Month

Minder is an open source software supply chain security platform. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-65108 CRITICAL PATCH This Week

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Google RCE Code Injection Chrome
NVD GitHub
CVSS 3.1
10.0
EPSS
0.6%
CVE-2025-65107 MEDIUM This Month

Langfuse is an open source large language model engineering platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Langfuse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65106 HIGH PATCH This Month

LangChain is a framework for building agents and LLM-powered applications. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python Ssti Langchain AI / ML +1
NVD GitHub
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-65102 HIGH This Month

PJSIP is a free and open source multimedia communication library. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-65092 MEDIUM This Month

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-11935 MEDIUM PATCH This Month

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-0504 MEDIUM This Month

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-11087 HIGH This Month

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress File Upload RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36149 MEDIUM This Month

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-64767 CRITICAL PATCH This Week

hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-64169 MEDIUM POC This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wazuh
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62626 HIGH PATCH This Month

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Amd Suse
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-62609 MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple Mlx Red Hat
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-62608 MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow Heap Overflow Mlx +1
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-54866 LOW POC PATCH Monitor

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated low severity (CVSS 1.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Wazuh
NVD GitHub
CVSS 4.0
1.8
EPSS
0.0%
CVE-2025-48502 MEDIUM This Month

Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30201 HIGH POC PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available.

RCE Privilege Escalation Wazuh
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-29934 MEDIUM This Month

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. Rated medium severity (CVSS 5.3). No vendor patch available.

Information Disclosure Amd
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64483 MEDIUM This Month

Wazuh is a security detection, visibility, and compliance open source project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-13132 HIGH This Month

This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-13470 HIGH PATCH This Month

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-12973 HIGH This Month

The S2B AI Assistant - ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-12747 MEDIUM This Month

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal Information Disclosure PHP
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-41115 CRITICAL PATCH This Week

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Privilege Escalation Red Hat Suse
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-13432 MEDIUM Monitor

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Terraform
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13357 HIGH PATCH This Month

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Hashicorp Terraform Provider Suse
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-11127 CRITICAL This Week

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using an AJAX action, allowing unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD WPScan
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-66112 MEDIUM Monitor

Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66107 MEDIUM This Month

Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66099 MEDIUM This Month

Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66098 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66093 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66092 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66091 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66090 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66079 MEDIUM This Month

Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66071 MEDIUM This Month

Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66056 MEDIUM Monitor

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-66055 HIGH This Month

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.9.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-66053 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12935 MEDIUM This Month

The FluentCRM - Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-10039 MEDIUM PATCH Monitor

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wsdesk PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy