Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-04-19 | CVE-2025-3797 | A vulnerability classified as critical was found in SeaCMS up to 13.3. | network, low complexity, CWE-74, 4.7 |
| 2025-04-19 | CVE-2025-1457 | The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-19 | CVE-2025-3275 | The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-19 | CVE-2025-3284 | The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. | network, low complexity, CWE-352, 4.3 |
| 2025-04-18 | CVE-2025-3796 | A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. | network, low complexity, CWE-74, 6.3 |
| 2025-04-18 | CVE-2025-2950 | IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. | network, low complexity, CWE-644, 5.4 |
| 2025-04-18 | CVE-2025-3791 | A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. | local, low complexity, CWE-122, 5.3 |
| 2025-04-18 | CVE-2025-3792 | A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. | network, low complexity, CWE-74, 4.7 |
| 2025-04-18 | CVE-2025-3790 | A vulnerability classified as critical has been found in baseweb JSite 1.0. | network, low complexity, CWE-266, 5.3 |
| 2025-04-18 | CVE-2024-45651 | IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | network, low complexity, CWE-613, 6.3 |