NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-11467 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Si... | 2025-12-11 | 5.8 | NETWORK | MEDIUM | NVD |
| CVE-2025-67720 | Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messag... | 2025-12-11 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-67719 | Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the tra... | 2025-12-11 | 8.5 | LOCAL | HIGH | NVD |
| CVE-2025-67718 | Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path ... | 2025-12-11 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2025-67717 | ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instan... | 2025-12-11 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-67716 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-valida... | 2025-12-11 | 5.7 | NETWORK | MEDIUM | NVD |
| CVE-2025-67713 | Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing... | 2025-12-11 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-67648 | Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthControl... | 2025-12-11 | 7.1 | NETWORK | HIGH | NVD |
| CVE-2025-67646 | TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token valida... | 2025-12-11 | 3.5 | NETWORK | LOW | NVD |
| CVE-2025-67644 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0... | 2025-12-11 | 7.3 | LOCAL | HIGH | NVD |
| CVE-2025-67511 | Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below ... | 2025-12-11 | 9.6 | NETWORK | CRITICAL | NVD |
| CVE-2025-67513 | FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a w... | 2025-12-10 | 6.9 | NETWORK | MEDIUM | NVD |
| CVE-2025-67510 | Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided b... | 2025-12-10 | 9.4 | NETWORK | CRITICAL | NVD |
| CVE-2025-67509 | Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only By... | 2025-12-10 | 8.2 | NETWORK | HIGH | NVD |
| CVE-2025-67505 | Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from conc... | 2025-12-10 | 8.4 | NETWORK | HIGH | NVD |