NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-9436 | The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `trustindex` shortcode in all versio... | 2025-12-11 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2025-14157 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could ha... | 2025-12-11 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-13978 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could h... | 2025-12-11 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-12716 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under ... | 2025-12-11 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2025-12562 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could ... | 2025-12-11 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2025-10163 | The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting_with’ parameter of the catlist shortcode in a... | 2025-12-11 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-14485 | A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.c... | 2025-12-11 | 5.0 | NETWORK | MEDIUM | NVD |
| CVE-2025-13764 | The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDe... | 2025-12-11 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-11467 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Si... | 2025-12-11 | 5.8 | NETWORK | MEDIUM | NVD |
| CVE-2025-67720 | Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messag... | 2025-12-11 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-67719 | Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the tra... | 2025-12-11 | 8.5 | LOCAL | HIGH | NVD |
| CVE-2025-67718 | Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path ... | 2025-12-11 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2025-67717 | ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instan... | 2025-12-11 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-67716 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-valida... | 2025-12-11 | 5.7 | NETWORK | MEDIUM | NVD |
| CVE-2025-67713 | Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing... | 2025-12-11 | 5.3 | NETWORK | MEDIUM | NVD |