Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-04-20 CVE-2025-43921 Incorrect Authorization vulnerability in GNU Mailman
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.
network
low complexity
gnu CWE-863
5.3
5.3
2025-04-19 CVE-2025-3818 A vulnerability, which was classified as critical, was found in webpy web.py 0.70.
network
low complexity
CWE-74
6.3
6.3
2025-04-19 CVE-2025-3817 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0.
network
low complexity
CWE-74
6.3
6.3
2025-04-19 CVE-2025-3808 A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic.
network
low complexity
CWE-862
4.3
4.3
2025-04-19 CVE-2025-3816 A vulnerability classified as critical was found in westboy CicadasCMS 2.0.
network
low complexity
CWE-77
4.7
4.7
2025-04-19 CVE-2025-3807 A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-19 CVE-2025-3804 A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1.
local
low complexity
CWE-707
5.3
5.3
2025-04-19 CVE-2025-3805 A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec.
local
low complexity
CWE-707
5.3
5.3
2025-04-19 CVE-2025-3661 The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-19 CVE-2025-3798 A vulnerability, which was classified as critical, has been found in WCMS 11.
network
low complexity
CWE-434
4.7
4.7