NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-3923	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and in...	2025-04-25	5.3	NETWORK	MEDIUM	NVD
CVE-2025-3861	The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data\| due to a misco...	2025-04-25	5.4	NETWORK	MEDIUM	NVD
CVE-2025-3511	Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN A...	2025-04-25	5.9	NETWORK	MEDIUM	NVD
CVE-2025-2580	The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and includi...	2025-04-25	4.9	NETWORK	MEDIUM	NVD
CVE-2025-0671	The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users...	2025-04-25	6.1	NETWORK	MEDIUM	NVD
CVE-2025-46599	CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyP...	2025-04-25	6.8	NETWORK	MEDIUM	NVD
CVE-2025-3775	The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerab...	2025-04-25	6.5	NETWORK	MEDIUM	NVD
CVE-2025-3752	The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘preload’ parameter in all ve...	2025-04-25	6.4	NETWORK	MEDIUM	NVD
CVE-2025-46595	An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, u...	2025-04-25	6.4	NETWORK	MEDIUM	NVD
CVE-2025-46547	In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks...	2025-04-25	5.4	NETWORK	MEDIUM	NVD
CVE-2025-46546	In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /a...	2025-04-25	3.5	NETWORK	LOW	NVD
CVE-2025-46545	In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name pa...	2025-04-25	4.4	NETWORK	MEDIUM	NVD
CVE-2025-46544	In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.	2025-04-25	6.4	NETWORK	MEDIUM	NVD
CVE-2025-43865	React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header...	2025-04-25	8.2	NETWORK	HIGH	NVD
CVE-2025-43864	React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode...	2025-04-25	7.5	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.