NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-47707	Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This iss...	2025-05-14	7.5	NETWORK	HIGH	NVD
CVE-2025-47706	Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This is...	2025-05-14	4.8	NETWORK	MEDIUM	NVD
CVE-2025-47705	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Sc...	2025-05-14	6.1	NETWORK	MEDIUM	NVD
CVE-2025-47704	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows ...	2025-05-14	6.1	NETWORK	MEDIUM	NVD
CVE-2025-47703	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-S...	2025-05-14	6.1	NETWORK	MEDIUM	NVD
CVE-2025-47702	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Script...	2025-05-14	6.1	NETWORK	MEDIUM	NVD
CVE-2025-47701	Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by ...	2025-05-14	8.8	NETWORK	HIGH	NVD
CVE-2025-44186	SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.	2025-05-14	5.4	NETWORK	MEDIUM	NVD
CVE-2025-44184	SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, ln...	2025-05-14	4.8	NETWORK	MEDIUM	NVD
CVE-2025-40595	A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remot...	2025-05-14	7.2	NETWORK	HIGH	NVD
CVE-2025-3932	It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automaticall...	2025-05-14	6.5	NETWORK	MEDIUM	NVD
CVE-2025-3909	Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a n...	2025-05-14	6.5	NETWORK	MEDIUM	NVD
CVE-2025-3877	A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory withou...	2025-05-14	5.4	NETWORK	MEDIUM	NVD
CVE-2025-3875	Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the...	2025-05-14	7.5	NETWORK	HIGH	NVD
CVE-2025-26785	An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 13...	2025-05-14	7.5	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.