Skip to main content
CVE-2025-33203 HIGH This Week

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure SSRF Nvidia
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-51741 HIGH This Week

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Echo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-13502 HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59371 HIGH This Week

An authentication bypass vulnerability has been identified in the IFTTT integration feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-59370 HIGH This Week

A command injection vulnerability has been identified in bwdpi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.5
EPSS
0.6%
CVE-2025-12742 HIGH This Week

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-64761 HIGH PATCH This Week

OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openbao Suse
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-33205 HIGH This Week

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Nemo
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-13376 HIGH This Week

The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-13068 HIGH This Week

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-13644 HIGH This Week

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-13507 HIGH This Week

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-59372 MEDIUM This Month

A path traversal vulnerability has been identified in certain router models. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-59365 MEDIUM This Month

A stack buffer overflow vulnerability has been identified in certain router models. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-33190 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Nvidia Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-65960 MEDIUM PATCH This Month

Contao is an Open Source CMS. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure Contao
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-12040 MEDIUM This Month

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-61167 MEDIUM This Month

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Pmb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13380 MEDIUM This Month

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12645 MEDIUM This Month

The Inline frame - Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-13383 MEDIUM This Month

The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-21621 MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Geoserver
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-64506 MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-64505 MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65953 MEDIUM This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Information Disclosure Use After Free
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-59368 MEDIUM This Month

An integer underflow vulnerability has been identified in Aicloud. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-40890 MEDIUM This Month

A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-59369 MEDIUM This Month

A SQL injection vulnerability has been identified in bwdpi. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
5.9
EPSS
0.2%
CVE-2025-33194 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-33193 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-33192 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Dgx Os
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-33191 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Dgx Os
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-13467 MEDIUM PATCH This Month

A flaw was found in the Keycloak LDAP User Federation provider. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Red Hat
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13558 MEDIUM This Month

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12525 MEDIUM This Month

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13389 MEDIUM This Month

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13405 MEDIUM This Month

The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptb_delete_custom_taxonomy() function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64067 MEDIUM This Month

Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Project Contract Management
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13414 MEDIUM This Month

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdash_watch_for_export() function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13404 MEDIUM This Month

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13386 MEDIUM This Month

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options_update' function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12043 MEDIUM This Month

The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_auycht_saveCid' AJAX endpoint in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64304 MEDIUM This Month

"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-65944 MEDIUM PATCH This Month

Sentry-Javascript is an official Sentry SDKs for JavaScript. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Information Disclosure
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-13385 MEDIUM This Month

The Bookme - Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the `filter[status]` parameter in all versions up to, and including, 4.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13370 MEDIUM This Month

The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-59485 MEDIUM This Month

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-64730 MEDIUM This Month

Cross-site scripting vulnerability exists in SNC-CX600W all versions. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Snc Cx600W Firmware
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-33196 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-33195 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Dgx Os
NVD
CVSS 3.1
4.4
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy