NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-40829	A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerabilit...	2025-12-12	7.8	LOCAL	HIGH	NVD
CVE-2025-12960	The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the `href` parameter in...	2025-12-12	6.5	NETWORK	MEDIUM	NVD
CVE-2025-67731	Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json()...	2025-12-12	8.7	NETWORK	HIGH	NVD
CVE-2025-67730	Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated us...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-4970	The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1...	2025-12-12	5.5	NETWORK	MEDIUM	NVD
CVE-2025-14169	The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter ...	2025-12-12	7.5	NETWORK	HIGH	NVD
CVE-2025-14049	The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in a...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-13891	The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This...	2025-12-12	6.5	NETWORK	MEDIUM	NVD
CVE-2025-11876	The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgun_subscription_form' shortcode in ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-10583	The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server...	2025-12-12	3.5	NETWORK	LOW	NVD
CVE-2025-67737	AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal us...	2025-12-12	3.1	NETWORK	LOW	NVD
CVE-2025-67728	Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public...	2025-12-12	9.8	NETWORK	CRITICAL	NVD
CVE-2025-67727	Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI w...	2025-12-12	6.9	NETWORK	MEDIUM	NVD
CVE-2025-67726	Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters f...	2025-12-12	7.5	NETWORK	HIGH	NVD
CVE-2025-14356	The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_...	2025-12-12	4.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.