Skip to main content
CVE-2025-0799 MEDIUM This Month

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal App Connect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49791 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-36085 MEDIUM This Month

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-52892 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-12602 MEDIUM This Month

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-57954 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-57955 MEDIUM This Month

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57962 MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57959 MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-47256 MEDIUM This Month

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-49797 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-22936 MEDIUM This Month

An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-57958 MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-0158 MEDIUM This Month

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Entirex
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24845 MEDIUM This Month

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Defense Platform Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-57672 MEDIUM This Month

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Floodlight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24483 MEDIUM This Month

NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Defense Platform Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49792 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49793 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49796 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21253 MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Apple Edge +2
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24911 MEDIUM This Month

In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Gaia Os
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-25883 MEDIUM This Month

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1076 MEDIUM This Month

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1078 MEDIUM This Month

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-13417 MEDIUM This Month

Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-21267 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2025-21404 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49794 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49795 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13416 MEDIUM This Month

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49798 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49800 MEDIUM This Month

IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-22866 MEDIUM PATCH This Month

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-57956 LOW Monitor

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-1081 LOW Monitor

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.3
EPSS
0.2%
CVE-2025-1083 LOW POC Monitor

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Xzs Mysql
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-57392 HIGH PATCH This Month

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
4.8%
CVE-2024-56889 HIGH POC This Month

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Complaint Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-53586 MEDIUM POC This Month

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
3.9%
CVE-2024-56467 LOW Monitor

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Entirex
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-57673 MEDIUM POC This Month

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Floodlight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22992 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Emoncms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-57668 HIGH POC This Week

In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Shopping Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23217 HIGH PATCH This Month

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
3.6%
CVE-2024-36557 MEDIUM This Month

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-57599 MEDIUM POC Monitor

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Douphp
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-57429 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cinema Booking System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-57428 CRITICAL POC Act Now

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cinema Booking System
NVD GitHub
CVSS 3.1
9.3
EPSS
2.6%
CVE-2024-57427 MEDIUM POC This Month

PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cinema Booking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy