THREAT ALERT

ACT NOW CVE-2025-58360 8.2 GeoServer contains an XXE vulnerability in the WMS GetMap operation allowing unauthenticated attackers to read server files and perform SSRF attacks. | ACT NOW CVE-2025-13315 9.3 Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control. | ACT NOW CVE-2025-58034 7.2 Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized commands on the web application firewall. | ACT NOW CVE-2025-13223 8.8 Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks. | ACT NOW CVE-2025-64446 9.8 Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests. | ACT NOW CVE-2025-62215 7.0 Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization. | ACT NOW CVE-2025-12480 9.1 Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks. | ACT NOW CVE-2025-34299 9.3 Monsta FTP web-based file manager versions 2.11 and earlier allow unauthenticated arbitrary file uploads. The vulnerability enables attackers to upload malicious files from a compromised FTP server, which are then executed on the Monsta FTP server, achieving remote code execution. | ACT NOW CVE-2025-64328 8.6 FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands. | ACT NOW CVE-2025-11953 9.8 React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — November 27, 2025

56 CVEs tracked today. 8 Critical, 10 High, 31 Medium, 3 Low.

CVE-2025-13675 CRITICAL CVSS 9.8
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Privilege Escalation
CVE-2025-13540 CRITICAL CVSS 9.8
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
CVE-2025-13539 CRITICAL CVSS 9.8
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-13538 CRITICAL CVSS 9.8
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
CVE-2025-12421 CRITICAL CVSS 9.9
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mattermost Server Suse
CVE-2025-12419 CRITICAL CVSS 9.9
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
CVE-2025-12140 CRITICAL CVSS 9.3
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Code Injection
CVE-2024-5539 CRITICAL CVSS 9.2
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
CVE-2025-66314 HIGH CVSS 7.5
Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.23.20.04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation
CVE-2025-59890 HIGH CVSS 7.3
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
CVE-2025-13757 HIGH CVSS 8.8
SQL Injection vulnerability in last usage logs in Devolutions Server.2.20, through 2025.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Devolutions Server
CVE-2025-13692 HIGH CVSS 7.2
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload PHP
CVE-2025-13680 HIGH CVSS 8.8
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
CVE-2025-13536 HIGH CVSS 8.8
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress PHP
CVE-2025-12758 HIGH CVSS 7.7
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Validator
CVE-2025-7820 HIGH CVSS 7.5
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-0658 HIGH CVSS 8.7
A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
CVE-2025-0657 HIGH CVSS 8.8
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
CVE-2025-59454 MEDIUM CVSS 4.3
In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
CVE-2025-59302 MEDIUM CVSS 4.7
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Code Injection Cloudstack
CVE-2025-59026 MEDIUM CVSS 5.4
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
CVE-2025-59025 MEDIUM CVSS 6.1
Malicious e-mail content can be used to execute script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
CVE-2025-54057 MEDIUM CVSS 6.1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Skywalking
CVE-2025-30190 MEDIUM CVSS 5.4
Malicious content at office documents can be used to inject script code when editing a document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS
CVE-2025-30186 MEDIUM CVSS 5.4
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
CVE-2025-13765 MEDIUM CVSS 4.3
Exposure of email service credentials to users without administrative rights in Devolutions Server.2.21, before 2025.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
CVE-2025-13762 MEDIUM CVSS 4.8
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.2.30305. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
CVE-2025-13525 MEDIUM CVSS 6.1
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1.4.5 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-13441 MEDIUM CVSS 5.3
The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-13381 MEDIUM CVSS 5.3
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-13378 MEDIUM CVSS 6.5
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP
CVE-2025-13157 MEDIUM CVSS 5.3
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-13143 MEDIUM CVSS 4.3
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
CVE-2025-12971 MEDIUM CVSS 4.3
The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-12713 MEDIUM CVSS 6.4
The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-12712 MEDIUM CVSS 6.4
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-12670 MEDIUM CVSS 6.4
The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-12666 MEDIUM CVSS 6.4
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
CVE-2025-12649 MEDIUM CVSS 6.4
The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-12584 MEDIUM CVSS 5.3
The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to insufficient. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
CVE-2025-12579 MEDIUM CVSS 5.3
The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-12578 MEDIUM CVSS 4.3
The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF
CVE-2025-12559 MEDIUM CVSS 4.3
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
CVE-2025-12185 MEDIUM CVSS 4.4
The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
CVE-2025-12151 MEDIUM CVSS 6.4
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio_name' parameter in all versions up to, and including, 1.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-12123 MEDIUM CVSS 6.1
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
CVE-2025-10476 MEDIUM CVSS 4.3
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
CVE-2025-3784 MEDIUM CVSS 5.5
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
CVE-2024-5540 MEDIUM CVSS 6.9
The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser . Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
CVE-2025-66040 LOW CVSS 3.6
Spotipy is a Python library for the Spotify Web API. Rated low severity (CVSS 3.6), this vulnerability is no authentication required. No vendor patch available.

XSS Python
CVE-2025-34351 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
CVE-2025-13758 LOW CVSS 3.5
Exposure of credentials in unintended requests in Devolutions Server.2.20, through 2025.3.8. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
CVE-2025-13742 LOW CVSS 2.4
Emails sent by pretix can utilize placeholders that will be filled with customer data. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pretix
CVE-2025-13338 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
CVE-2025-8890 None
A shell command injection vulnerability exists in the network diagnostics tool of SDMC NE6037 routers running firmware versions prior to 7.1.12.2.44, allowing authenticated attackers with administrative access to execute arbitrary commands on the device. The vulnerability is classified as CWE-78 (OS Command Injection) and carries an EPSS score of 0.77% (73rd percentile), indicating a low empirical probability of exploitation in the wild. While no public proof-of-concept or active exploitation in the wild has been documented, the flaw requires administrative authentication via the LAN-only management interface, significantly limiting real-world attack surface.

Command Injection
CVE-2025-3261 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure

Today's Vulnerabilities Vulnerabilities