Skip to main content
CVE-2025-20890 HIGH This Week

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20888 HIGH This Week

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20882 HIGH This Week

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-20881 HIGH This Week

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-23059 MEDIUM This Month

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Path Traversal Clearpass Policy Manager
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-20897 MEDIUM This Month

Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-0510 MEDIUM PATCH This Month

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-1013 MEDIUM PATCH This Month

A race condition could have led to private browsing tabs being opened in normal browsing windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Race Condition Mozilla
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-13356 MEDIUM PATCH This Month

The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Dsgvo All In One For Wp
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-13529 MEDIUM This Month

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-22697 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-22602 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-56328 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22675 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block - Display notice/alerts in the front end allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce allows Stored XSS.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22662 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22653 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templaza Music Press Pro allows Stored XSS.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22730 MEDIUM This Month

Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22642 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RTO GmbH Dynamic Conditions allows Stored XSS.7.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-35138 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-13733 MEDIUM PATCH This Month

The SKT Blocks - Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13403 MEDIUM PATCH This Month

The WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpforms
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13699 MEDIUM PATCH This Month

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Qi Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-20885 MEDIUM This Month

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12597 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ht Mega
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-24373 MEDIUM PATCH This Month

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Woocommerce Pdf Invoices Packing Slips PHP
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-0444 MEDIUM PATCH This Month

Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-0451 MEDIUM PATCH This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-20905 MEDIUM This Month

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-20900 MEDIUM This Month

Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13510 MEDIUM This Month

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40700 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0630 MEDIUM This Month

Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-22641 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prem Tiwari FM Notification Bar allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-22664 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.1.3.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-43187 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-48019 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Doris
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2025-20906 MEDIUM This Month

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-8125 MEDIUM This Month

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. Rated medium severity (CVSS 5.4). No vendor patch available.

RCE
NVD
CVSS 4.0
5.4
EPSS
0.4%
CVE-2025-24860 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cassandra Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13722 MEDIUM This Month

The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-22696 MEDIUM This Month

Missing Authorization vulnerability in EmbedPress Document Block - Upload & Embed Docs.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0445 MEDIUM PATCH This Month

Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1018 MEDIUM PATCH This Month

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-20891 MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20889 MEDIUM This Month

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20887 MEDIUM This Month

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-27137 MEDIUM PATCH This Month

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Java Cassandra Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-45659 MEDIUM This Month

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20893 MEDIUM This Month

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy