Skip to main content
CVE-2025-15329 MEDIUM This Month

Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]

Information Disclosure Threat Response
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-23797 MEDIUM This Month

Quick.Cart version 6.7 stores user passwords in plaintext, allowing authenticated administrators to retrieve plaintext credentials through the user editing interface. This vulnerability poses a significant risk in multi-administrator environments where high-privileged users may abuse account access. No patch is currently available, and other versions may be similarly affected though unconfirmed.

Information Disclosure Quick.Cart
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-25198 MEDIUM PATCH This Month

Open redirect in web2py 2.27.1 and earlier allows unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs, potentially facilitating phishing attacks. The vulnerability requires user interaction to exploit and affects the application's integrity with network-accessible attack vectors. No patch is currently available.

Open Redirect
NVD GitHub
CVSS 3.0
4.7
EPSS
0.0%
CVE-2026-1964 MEDIUM PATCH This Month

Improper access controls in Wekan's REST API endpoint (models/boards.js) prior to version 8.21 allow authenticated users to modify resources they should not have permission to access. The vulnerability requires valid credentials but no user interaction, making it exploitable by any authenticated attacker with network access. Administrators should upgrade to version 8.21 or later to remediate this issue.

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-15331 MEDIUM This Month

Tanium addressed an uncontrolled resource consumption vulnerability in Connect. [CVSS 4.3 MEDIUM]

Denial Of Service Connect
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-15342 MEDIUM This Month

Tanium addressed an improper access controls vulnerability in Reputation. [CVSS 4.3 MEDIUM]

Authentication Bypass Reputation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15333 MEDIUM This Month

Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]

Information Disclosure Threat Response
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15327 MEDIUM This Month

Tanium addressed an improper access controls vulnerability in Deploy. [CVSS 4.3 MEDIUM]

Authentication Bypass Deploy
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15326 MEDIUM This Month

Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]

Authentication Bypass Patch
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13416 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1897 MEDIUM PATCH This Month

WeKan versions up to 8.20 contain an authorization bypass in the position history tracking functionality that allows authenticated remote attackers to access sensitive information without proper permissions. The vulnerability exists in the server/methods/positionHistory.js file and can be exploited by any user with login credentials. Upgrading to version 8.21 or later resolves this issue.

Authentication Bypass Wekan
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15335 MEDIUM This Month

Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]

Information Disclosure Threat Response
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15334 MEDIUM This Month

Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]

Information Disclosure Threat Response
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy