Skip to main content
CVE-2025-59892 HIGH This Week

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. [CVSS 8.0 HIGH]

CSRF Diskpulse Syncbreeze
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-59891 HIGH This Week

Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. [CVSS 8.0 HIGH]

CSRF Diskpulse Syncbreeze
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-21569 HIGH This Week

XXE injection in Atlassian Crowd Data Center and Server 7.1.0+ enables authenticated attackers to read local and remote files, significantly compromising confidentiality and availability. The vulnerability requires high privileges to exploit but accepts no user interaction, affecting multiple Crowd versions until patching to 7.1.3 or later. No patch is currently available for all affected versions.

Atlassian Confluence XXE Crowd
NVD VulDB
CVSS 3.0
7.9
EPSS
0.1%
CVE-2025-57283 HIGH PATCH This Week

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]

Node.js Command Injection Browserstack Local Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-23014 HIGH PATCH This Week

Linux kernel perf subsystem denial of service via improper hrtimer cleanup allows local users with standard privileges to cause a system crash when perf events are freed with active hrtimerss still pending. The vulnerability stems from insufficient timer cancellation during event destruction, enabling resource exhaustion. No patch is currently available.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46691 HIGH This Week

Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. [CVSS 7.8 HIGH]

Authentication Bypass Dell Premiercolor
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61731 HIGH PATCH This Week

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. [CVSS 7.8 HIGH]

Go Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33220 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. [CVSS 7.8 HIGH]

Denial Of Service Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33219 HIGH PATCH This Week

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. [CVSS 7.8 HIGH]

Linux Integer Overflow Denial Of Service Privilege Escalation Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33218 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. [CVSS 7.8 HIGH]

Linux Windows Integer Overflow Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33217 HIGH This Week

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]

Windows Use After Free Denial Of Service Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68662 HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]

SSRF Discourse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-24833 HIGH This Week

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24837 HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-24836 HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.

.NET Dotnetnuke
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-1280 HIGH This Week

The Frontend File Manager Plugin for WordPress through version 23.5 lacks proper authorization checks on a file sharing AJAX endpoint, allowing unauthenticated attackers to enumerate and exfiltrate sensitive uploaded files via sequential ID manipulation. By exploiting this flaw, an attacker can email arbitrary files to themselves or others, potentially exposing restricted administrative data. No patch is currently available for this high-severity vulnerability.

WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59895 HIGH This Week

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. [CVSS 7.5 HIGH]

Denial Of Service Code Injection Syncbreeze Diskpulse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-14840 HIGH PATCH This Week

Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

Drupal Http Client Manager Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23743 HIGH This Week

Discourse is an open source discussion platform. [CVSS 7.5 HIGH]

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-0702 HIGH This Week

Unauthenticated attackers can exploit time-based SQL injection in the VidShop plugin for WordPress (versions up to 1.1.4) through the unescaped 'fields' parameter to extract sensitive database information. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to inject malicious SQL commands without authentication. No patch is currently available for this high-severity flaw affecting WooCommerce installations.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-40537 HIGH This Week

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. [CVSS 7.5 HIGH]

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-0832 HIGH This Week

New User Approve (WordPress plugin) versions up to 3.2.2. is affected by missing authorization (CVSS 7.3).

WordPress
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-1400 HIGH This Week

Arbitrary file upload in AI Engine WordPress plugin versions up to 3.3.2 allows authenticated Editor-level users to bypass file type validation and execute remote code by uploading files through the `update_media_metadata` REST endpoint. An attacker can upload a benign image file and then rename it to PHP, placing executable code in the web-accessible uploads directory. The vulnerability affects WordPress installations with the plugin installed and requires Editor or higher privileges to exploit.

WordPress PHP RCE AI / ML
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-14610 HIGH This Week

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config....

WordPress PHP SSRF
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-68479 HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. [CVSS 7.1 HIGH]

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-13917 HIGH This Week

WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 7.0 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-68119 HIGH PATCH This Week

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

Buffer Overflow RCE Go Red Hat Suse
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy