Skip to main content
CVE-2025-23053 MEDIUM This Month

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Privilege Escalation Fabric Composer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0781 HIGH PATCH This Month

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Simgear Debian Linux Suse
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-8401 MEDIUM This Month

vulnerability exists when an authenticated attacker modifies folder names within the context of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24800 CRITICAL PATCH This Week

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-23385 HIGH This Month

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Dottrace Etw Host Service Resharper Rider
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23213 HIGH POC PATCH This Week

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Recipes
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2025-23212 HIGH POC PATCH This Month

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Recipes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-23045 HIGH PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-0659 HIGH This Month

A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-0432 MEDIUM This Month

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-7881 MEDIUM PATCH This Month

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C1 Premium Firmware C1 Pro Firmware C1 Ultra Firmware Cortex X3 Firmware +6
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-6351 MEDIUM Monitor

A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11956 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pimcore
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-11954 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Pimcore 11.4.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pimcore
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-0065 HIGH This Month

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Code Injection Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0754 MEDIUM Monitor

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0752 HIGH This Month

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Request Smuggling Openshift Service Mesh Red Hat
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-0750 MEDIUM PATCH This Month

A vulnerability was found in CRI-O. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Red Hat Suse
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-0736 MEDIUM PATCH This Month

A flaw was found in Infinispan, when using JGroups with JDBC_PING. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0290 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-23953 MEDIUM POC PATCH This Week

Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apache Hive
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2024-13527 MEDIUM PATCH This Month

The Philantro - Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Philantro
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0321 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementskit PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13521 MEDIUM PATCH This Month

The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Mailup Auto Subscription
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13448 CRITICAL This Week

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress Addons
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-12807 MEDIUM POC Monitor

The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Share Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12723 MEDIUM POC This Month

The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infility Global
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-24810 MEDIUM Monitor

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2025-23084 MEDIUM PATCH This Month

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Node.js Path Traversal Node Js Windows +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2024-11135 HIGH This Month

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Eventer
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-53881 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53869 MEDIUM PATCH This Month

NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0150 HIGH PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Nvidia Microsoft +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0149 LOW Monitor

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow Nvidia Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-0147 MEDIUM PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Nvidia Microsoft Memory Corruption +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0146 HIGH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure RCE Nvidia
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-0140 MEDIUM This Month

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure RCE Nvidia Deserialization
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0137 MEDIUM PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Nvidia Denial Of Service Nvidia Container Toolkit Nvidia Gpu Operator Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0136 HIGH PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Nvidia Container Toolkit +3
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-0135 HIGH PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Nvidia Container Toolkit +3
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-22865 HIGH PATCH This Month

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-45341 MEDIUM PATCH This Month

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45340 HIGH PATCH This Month

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45339 HIGH PATCH This Month

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-45336 MEDIUM PATCH This Month

The HTTP client drops sensitive headers after following a cross-domain redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-22315 MEDIUM Monitor

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Storage Fusion Storage Fusion Hci Storage Fusion Hci For Watsonx
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-27263 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-12649 CRITICAL This Week

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Buffer Overflow RCE Mf455dw Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-12648 CRITICAL This Week

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Buffer Overflow RCE Mf455dw Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-12647 CRITICAL This Week

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Buffer Overflow RCE Mf455dw Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy