NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-6495	The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insuffic...	2025-07-29	7.5	NETWORK	HIGH	NVD
CVE-2025-53649	"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vu...	2025-07-29	5.9	LOCAL	MEDIUM	NVD
CVE-2025-53080	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers t...	2025-07-29	7.1	NETWORK	HIGH	NVD
CVE-2025-53079	Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files	2025-07-29	4.9	NETWORK	MEDIUM	NVD
CVE-2025-53078	Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system	2025-07-29	8.0	NETWORK	HIGH	NVD
CVE-2025-53077	An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker coul...	2025-07-29	6.5	NETWORK	MEDIUM	NVD
CVE-2025-4566	The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM ...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-4370	The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls functi...	2025-07-29	5.3	NETWORK	MEDIUM	NVD
CVE-2025-3075	The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elem...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-7811	The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all ...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-7810	The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all ver...	2025-07-29	5.4	NETWORK	MEDIUM	NVD
CVE-2025-7809	The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all v...	2025-07-29	6.4	NETWORK	MEDIUM	NVD
CVE-2025-54769	An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing....	2025-07-29	8.8	NETWORK	HIGH	NVD
CVE-2025-54768	An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application user...	2025-07-29	5.3	NETWORK	MEDIUM	NVD
CVE-2025-54767	An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.	2025-07-29	6.5	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.