NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-23408	Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0...	2025-12-12	8.5	NETWORK	HIGH	NVD
CVE-2025-14074	The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capab...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13993	The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_mes...	2025-12-12	5.5	NETWORK	MEDIUM	NVD
CVE-2025-12348	The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions ...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-40829	A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerabilit...	2025-12-12	7.8	LOCAL	HIGH	NVD
CVE-2025-12960	The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the `href` parameter in...	2025-12-12	6.5	NETWORK	MEDIUM	NVD
CVE-2025-67731	Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json()...	2025-12-12	8.7	NETWORK	HIGH	NVD
CVE-2025-67730	Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated us...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-4970	The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1...	2025-12-12	5.5	NETWORK	MEDIUM	NVD
CVE-2025-14169	The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter ...	2025-12-12	7.5	NETWORK	HIGH	NVD
CVE-2025-14049	The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in a...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-13891	The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This...	2025-12-12	6.5	NETWORK	MEDIUM	NVD
CVE-2025-11876	The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgun_subscription_form' shortcode in ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-10583	The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server...	2025-12-12	3.5	NETWORK	LOW	NVD
CVE-2025-67737	AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal us...	2025-12-12	3.1	NETWORK	LOW	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.