Skip to main content
CVE-2025-24034 LOW Monitor

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-24033 HIGH PATCH This Month

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-23227 MEDIUM This Month

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-22153 HIGH PATCH This Month

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Authentication Bypass Python
NVD GitHub
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-55930 MEDIUM This Month

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Workplace Suite
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-55929 MEDIUM This Month

A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workplace Suite
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-55928 MEDIUM This Month

Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workplace Suite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55927 HIGH This Month

A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Workplace Suite
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-55926 HIGH This Month

A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Workplace Suite
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-45672 MEDIUM This Month

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Security Verify Bridge
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0650 HIGH PATCH This Month

A flaw was found in the Open Virtual Network (OVN). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-55925 HIGH This Month

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Workplace Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-52331 HIGH POC This Month

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot 900 Firmware Deebot N8 Firmware Deebot T8 Firmware Deebot N9 Firmware +10
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-52330 CRITICAL POC Act Now

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot X2 Omni Firmware Deebot X2 Combo Firmware Deebot X2S Firmware Deebot X5 Pro Firmware +16
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-52329 CRITICAL POC Act Now

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-52328 LOW POC Monitor

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot N8 Firmware Deebot 900 Firmware Deebot T8 Firmware Deebot N9 Firmware +10
NVD
CVSS 4.0
1.8
EPSS
0.0%
CVE-2024-52327 MEDIUM POC This Month

The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Home
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-12079 MEDIUM POC Monitor

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot 900 Firmware Deebot N8 Firmware Deebot T8 Firmware Deebot N9 Firmware +10
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2024-12078 MEDIUM POC This Month

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot N10 Firmware Deebot T10 Firmware Deebot X1 Firmware Deebot T20 Firmware +10
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-11147 HIGH POC This Month

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Deebot 900 Firmware Deebot N8 Firmware Deebot T8 Firmware Deebot N9 Firmware +10
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-0637 CRITICAL This Week

It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-55971 CRITICAL This Week

SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-52325 MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goat G1 2000 Firmware Goat G1 Firmware Goat G1 800 Firmware Gx 600 Firmware +8
NVD
CVSS 4.0
5.8
EPSS
0.6%
CVE-2024-10846 MEDIUM PATCH This Month

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-57947 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23006 CRITICAL KEV THREAT CERT-EU Act Now

SonicWall SMA1000 AMC and CMC contain a pre-authentication deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary OS commands on the management appliance.

Deserialization Sma8200V Sma6200 Firmware Sma6210 Firmware Sma7200 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
61.3%
CVE-2024-13422 MEDIUM PATCH This Month

The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seo Blogger To Wordpress 301 Redirector
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-13389 MEDIUM PATCH This Month

The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Cliptakes
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13340 MEDIUM PATCH This Month

The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Meta Data And Taxonomies Filter
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13236 MEDIUM PATCH This Month

The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Tainacan
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12504 MEDIUM PATCH This Month

The Broadcast Live Video - Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Videowhisper Live Streaming Integration
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12118 MEDIUM PATCH This Month

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS The Events Calendar
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0648 MEDIUM This Month

Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-0635 MEDIUM This Month

Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-0619 MEDIUM Monitor

Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M Files Server
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-43708 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-13234 HIGH PATCH This Month

The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Product Table
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-12043 MEDIUM PATCH This Month

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Prime Slider
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13593 HIGH PATCH This Month

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

PHP LFI Information Disclosure RCE WordPress +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-13511 MEDIUM PATCH Monitor

The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Authentication Bypass CSRF WordPress Variation Swatches For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12957 HIGH This Month

A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-53299 MEDIUM PATCH This Month

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Wicket
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-52975 CRITICAL This Week

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-52972 MEDIUM PATCH This Month

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24530 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin 5.x before 5.2.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suse
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-24529 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin 5.x before 5.2.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suse
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-43710 MEDIUM PATCH Monitor

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43707 HIGH PATCH This Month

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2025-24030 HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-42187 MEDIUM This Month

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy