Skip to main content
CVE-2023-37398 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35907 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35017 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-37413 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-37412 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Aspera Faspex
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-33838 MEDIUM This Month

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-0843 MEDIUM POC This Week

A vulnerability was found in needyamin Library Card System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0842 MEDIUM POC This Week

A vulnerability was found in needyamin Library Card System 1.0 and classified as critical.php of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57513 MEDIUM This Month

A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51182 MEDIUM POC This Month

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Celk Saude
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-24884 MEDIUM PATCH This Month

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24795 MEDIUM PATCH Monitor

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Snowflake Connector
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24794 MEDIUM PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Python Snowflake Connector
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-24788 MEDIUM PATCH This Month

snowflake-connector-net is the Snowflake Connector for .NET. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Apple Snowflake Connector macOS
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-0841 MEDIUM This Month

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0840 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Binutils Red Hat Suse
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-48852 MEDIUM POC This Week

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
2.7%
CVE-2025-24882 MEDIUM PATCH This Month

regclient is a Docker and OCI Registry Client in Go. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-24790 MEDIUM PATCH Monitor

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Java Snowflake Jdbc
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24791 MEDIUM PATCH Monitor

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Snowflake Connector
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-24792 MEDIUM Monitor

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service PHP
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24374 MEDIUM PATCH Monitor

Twig is a template language for PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-57439 MEDIUM POC Monitor

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ruoyi
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-57438 MEDIUM POC This Month

Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-57437 MEDIUM POC This Week

RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-0353 MEDIUM This Month

The Divi Torque Lite - Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-13561 MEDIUM This Month

The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0617 MEDIUM This Month

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2025-0804 MEDIUM PATCH This Month

The ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Clickwhale PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0806 MEDIUM POC This Week

A vulnerability was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-23362 MEDIUM This Month

The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2025-0803 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0802 MEDIUM POC This Week

A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Best Employee Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0800 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-0797 MEDIUM POC Monitor

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-0795 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0794 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0793 MEDIUM POC This Month

A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0792 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0791 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5.jsp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0790 MEDIUM POC This Month

A vulnerability classified as problematic was found in ESAFENET CDG V5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy