Skip to main content
CVE-2025-13311 MEDIUM This Month

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12032 MEDIUM This Month

The Zweb Social Mobile - Ứng Dụng Nút Gọi Mobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vithanhlam_zsocial_save_messager’, 'vithanhlam_zsocial_save_zalo',. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12025 MEDIUM This Month

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13452 MEDIUM This Month

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13382 MEDIUM This Month

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12586 MEDIUM This Month

The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-33197 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Nvidia Dgx Os
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64061 MEDIUM This Month

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Project Contract Management
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12634 MEDIUM This Month

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12587 MEDIUM This Month

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10646 MEDIUM This Month

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36134 LOW Monitor

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-65961 LOW PATCH Monitor

Contao is an Open Source CMS. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Contao
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-33198 LOW Monitor

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-33199 LOW Monitor

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-65942 LOW PATCH Monitor

VictoriaMetrics is a scalable solution for monitoring and managing time series data. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-33200 LOW Monitor

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-13643 LOW Monitor

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Authentication Bypass MongoDB
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-12893 LOW Monitor

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Microsoft Information Disclosure MongoDB Windows
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-62497 LOW Monitor

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Snc Cx600W Firmware
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-66187 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66186 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66185 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66184 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66183 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66182 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66181 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66180 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-66179 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy