NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-13428 | A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote C... | 2025-12-09 | 8.6 | NETWORK | HIGH | NVD |
| CVE-2025-13071 | The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Refl... | 2025-12-09 | 7.1 | NETWORK | HIGH | NVD |
| CVE-2025-13070 | The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include fu... | 2025-12-09 | 6.6 | NETWORK | MEDIUM | NVD |
| CVE-2025-13031 | The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege user... | 2025-12-09 | 5.9 | NETWORK | MEDIUM | NVD |
| CVE-2025-12807 | A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through expose... | 2025-12-09 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2025-12705 | The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' funct... | 2025-12-09 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2025-12558 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,... | 2025-12-09 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-12504 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TalentSoft Software UNIS allows SQL Injection. Th... | 2025-12-09 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-12381 | Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local u... | 2025-12-09 | 6.1 | LOCAL | MEDIUM | NVD |
| CVE-2025-11022 | Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting i... | 2025-12-09 | 9.6 | NETWORK | CRITICAL | NVD |
| CVE-2025-10876 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allo... | 2025-12-09 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-10655 | SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statem... | 2025-12-09 | 8.6 | NETWORK | HIGH | NVD |
| CVE-2025-10573 | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the co... | 2025-12-09 | 9.6 | NETWORK | CRITICAL | NVD |
| CVE-2024-56840 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in t... | 2025-12-09 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2024-56839 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Code injection can be achieved when the affected device is us... | 2025-12-09 | 7.2 | NETWORK | HIGH | NVD |