Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
Recent vulnerabilities and exploits
8.1
CVSSv3
CVE-2025-1532
Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.
Honor Com.hihonor.phoneservice
6.4
CVSSv3
CVE-2025-3615
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Co...
9
CVSSv4
CVE-2025-3113
A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows t...
Perforce Delphix
8.5
CVSSv4
CVE-2025-2903
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an malicious user to gain access to sensitive data stored on th...
4.9
CVSSv3
CVE-2025-3295
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which m...
NA
CVE-2024-13925
The Klarna Checkout for WooCommerce WordPress plugin prior to 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an malicious user to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumpt...
Unknown Klarna Checkout For Woocommerce
NA
CVE-2025-1524
The Ultimate Dashboard WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Unknown Ultimate Dashboard
NA
CVE-2025-1525
The Ultimate Dashboard WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Unknown Ultimate Dashboard
NA
CVE-2025-1523
The Ultimate Dashboard WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Unknown Ultimate Dashboard
7.2
CVSSv3
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files...
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2024-50264
CVE-2025-43703
wpweb
mass assignment
CVE-2025-32817
CVE-2025-27840
CVE-2025-32844
information disclosure
CVE-2025-31338
woocommerce social login
sonicwall
avb
local
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon