Skip to main content
CVE-2026-22487 MEDIUM This Month

Baqend Speed Kit versions through 2.0.2 contain an authorization bypass that allows authenticated users to modify data by exploiting misconfigured access control levels. An attacker with valid credentials could escalate privileges to alter information they should not have permission to change. No patch is currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12640 MEDIUM This Month

The Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0674 MEDIUM This Month

Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor is affected by missing authorization (CVSS 4.3).

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0747 LOW Monitor

Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. [CVSS 3.3 LOW]

Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-15346 PATCH This Week

A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.

Python TLS
NVD GitHub
EPSS
0.1%
CVE-2025-67858 PATCH Monitor

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-66002 Monitor

An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper

Code Injection
NVD
EPSS
0.0%
CVE-2025-8306 Monitor

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2025-67603 PATCH Monitor

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.

Authentication Bypass
NVD
EPSS
0.0%
CVE-2025-8307 Monitor

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-66003 Monitor

An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-4596 Monitor

Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs.

Authentication Bypass
NVD
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy