Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-4583

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5273

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5276

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27702

Published : May 28, 2025, 9:15 p.m. | 3 hours, 46 minutes ago

Description : CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27703

Published : May 28, 2025, 9:15 p.m. | 3 hours, 46 minutes ago

Description : CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27706

Published : May 28, 2025, 9:15 p.m. | 3 hours, 46 minutes ago

Description : CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-48726

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-49139

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-49137

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-49604

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-49904

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-50338

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-51756

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-51753

Published : May 28, 2025, 10:15 p.m. | 2 hours, 46 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48749

Published : May 28, 2025, 6:15 p.m. | 1 hour, 55 minutes ago

Description : Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-43659

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-43661

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-43669

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-44450

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2022-44452

Published : May 28, 2025, 7:15 p.m. | 2 hours, 13 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…