Skip to main content
CVE-2025-11763 MEDIUM This Month

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column_count' parameter in the [display-pages] shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-11003 MEDIUM This Month

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10938 MEDIUM This Month

The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64299 MEDIUM This Month

LogStare Collector improperly handles the password hash data. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Logstare Collector
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-62687 MEDIUM This Month

Cross-site request forgery vulnerability exists in LogStare Collector. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Logstare Collector
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-62189 MEDIUM This Month

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Logstare Collector
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-61949 MEDIUM Monitor

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Logstare Collector
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-58097 MEDIUM This Month

The installation directory of LogStare Collector is configured with incorrect access permissions. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Logstare Collector
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-9825 MEDIUM POC This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-12169 MEDIUM PATCH Monitor

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wsdesk PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12085 MEDIUM PATCH Monitor

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wsdesk PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12023 MEDIUM PATCH Monitor

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wsdesk PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12022 MEDIUM PATCH Monitor

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wsdesk PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64751 MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-62426 MEDIUM PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy