Skip to main content
CVE-2025-0458 MEDIUM This Month

A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-29980 MEDIUM Monitor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Securecore Technology
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-29979 MEDIUM Monitor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Securecore Technology
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-55000 MEDIUM POC This Month

Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS House Rental Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-39773 MEDIUM POC This Month

An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-56497 MEDIUM This Month

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimail Fortirecorder
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-54021 MEDIUM This Month

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52969 MEDIUM Monitor

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortisiem
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2024-48893 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortisoar
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-48890 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortisoar Imap Connector
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-47566 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortirecorder
NVD
CVSS 3.1
5.1
EPSS
0.4%
CVE-2024-46666 MEDIUM This Month

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-46664 MEDIUM This Month

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortirecorder
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-45326 MEDIUM Monitor

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortideceptor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-40587 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortivoice
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-36510 MEDIUM This Month

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forticlientems Fortisoar
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-36504 MEDIUM This Month

An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35278 MEDIUM Monitor

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet SQLi Fortiportal
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35275 MEDIUM This Month

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet SQLi Fortianalyzer Fortianalyzer Cloud +2
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-33502 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-32115 MEDIUM This Month

A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-26012 MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiap Fortiap S Fortiap W2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-21758 MEDIUM This Month

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands,. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Stack Overflow Buffer Overflow Fortinet Fortiweb
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-11863 MEDIUM This Month

Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scp Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12240 MEDIUM This Month

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0393 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Royal Elementor Addons PHP Elementor
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13156 MEDIUM This Month

The HTML5 Video Player - mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11736 MEDIUM PATCH Monitor

A vulnerability was found in Keycloak. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2024-11734 MEDIUM PATCH This Month

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-12006 MEDIUM PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress W3 Total Cache
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2024-13323 MEDIUM PATCH This Month

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Booking Calendar
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-23038 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-23037 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-23036 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.4%
CVE-2025-23035 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-23034 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-23033 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.7%
CVE-2025-23032 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-23031 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.5%
CVE-2025-23030 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.3%
CVE-2025-0068 MEDIUM Monitor

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0067 MEDIUM This Month

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-0060 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0059 MEDIUM This Month

Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0058 MEDIUM PATCH This Month

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass SAP Sap Basis
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0057 MEDIUM Monitor

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Java XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0056 MEDIUM This Month

SAP GUI for Java saves user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Java
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0055 MEDIUM This Month

SAP GUI for Windows stores user input on the client PC to improve usability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft SAP Information Disclosure Windows
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0053 MEDIUM PATCH This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass SAP Information Disclosure Sap Basis
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-12298 MEDIUM This Month

We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy