Skip to main content
CVE-2024-57514 MEDIUM POC This Month

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link XSS
NVD
CVSS 3.1
4.8
EPSS
7.5%
CVE-2022-31749 MEDIUM This Month

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-50316 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Sterling B2b Integrator
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2018-9378 MEDIUM PATCH This Month

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2017-13318 MEDIUM PATCH This Month

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2017-13317 MEDIUM PATCH This Month

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-0789 MEDIUM POC This Month

A vulnerability classified as critical has been found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0788 MEDIUM This Month

A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cdg
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22917 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0787 MEDIUM This Month

A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0786 MEDIUM This Month

A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0785 MEDIUM This Month

A vulnerability was found in ESAFENET CDG V5 and classified as problematic.jsp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-29869 MEDIUM PATCH This Month

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Hive
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24826 MEDIUM This Month

Local privilege escalation due to insecure folder permissions. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2025-0784 MEDIUM POC This Month

A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Incontrol Web
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-40674 MEDIUM This Month

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Android Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-40673 MEDIUM This Month

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Android Google
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2025-0783 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-23057 MEDIUM This Month

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Fabric Composer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23056 MEDIUM This Month

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Fabric Composer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23055 MEDIUM This Month

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Fabric Composer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23054 MEDIUM This Month

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Fabric Composer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23053 MEDIUM This Month

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Privilege Escalation Fabric Composer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-8401 MEDIUM This Month

vulnerability exists when an authenticated attacker modifies folder names within the context of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0432 MEDIUM This Month

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-7881 MEDIUM PATCH This Month

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C1 Premium Firmware C1 Pro Firmware C1 Ultra Firmware Cortex X3 Firmware +6
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-6351 MEDIUM Monitor

A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11956 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pimcore
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-11954 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Pimcore 11.4.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pimcore
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-0754 MEDIUM Monitor

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0750 MEDIUM PATCH This Month

A vulnerability was found in CRI-O. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Red Hat Suse
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-0736 MEDIUM PATCH This Month

A flaw was found in Infinispan, when using JGroups with JDBC_PING. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0290 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-23953 MEDIUM POC PATCH This Week

Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apache Hive
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2024-13527 MEDIUM PATCH This Month

The Philantro - Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Philantro
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0321 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Elementskit PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13521 MEDIUM PATCH This Month

The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Mailup Auto Subscription
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12807 MEDIUM POC Monitor

The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Share Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-12723 MEDIUM POC This Month

The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infility Global
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-24810 MEDIUM Monitor

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2025-23084 MEDIUM PATCH This Month

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Node.js Path Traversal Node Js Windows +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2024-53881 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53869 MEDIUM PATCH This Month

NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0147 MEDIUM PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Nvidia Microsoft Memory Corruption +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0140 MEDIUM This Month

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure RCE Nvidia Deserialization
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0137 MEDIUM PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Nvidia Denial Of Service Nvidia Container Toolkit Nvidia Gpu Operator Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45341 MEDIUM PATCH This Month

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45336 MEDIUM PATCH This Month

The HTTP client drops sensitive headers after following a cross-domain redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-22315 MEDIUM Monitor

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Storage Fusion Storage Fusion Hci Storage Fusion Hci For Watsonx
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-27263 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
5.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy