Skip to main content
CVE-2025-24200 MEDIUM KEV THREAT This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 44.2%.

Apple Authentication Bypass
NVD
CVSS 3.1
6.1
EPSS
44.2%
Threat
4.0
CVE-2025-1160 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Employee Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-46437 MEDIUM POC This Month

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure W18E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1155 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qloapps
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1159 MEDIUM POC This Month

A vulnerability was found in CampCodes School Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS School Management Software
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-54658 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-25247 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.x up to 4.9.8 and 5.x up to 5.0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Felix Webconsole Red Hat
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-13010 MEDIUM This Month

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-10649 MEDIUM This Month

wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass XSS Denial Of Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2024-57178 MEDIUM This Month

An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-25188 MEDIUM PATCH This Month

Hickory DNS is a Rust based DNS client, server, and resolver. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-12243 MEDIUM PATCH This Month

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2024-11831 MEDIUM PATCH This Month

A flaw was found in npm-serialize-javascript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Node.js
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2025-25190 MEDIUM This Month

The ZOO-Project is an open source processing platform. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-25193 MEDIUM PATCH This Month

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Netty Windows Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21691 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57950 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21690 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-12133 MEDIUM PATCH This Month

A flaw in libtasn1 causes inefficient handling of specific certificate data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-1154 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1158 MEDIUM This Month

A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1157 MEDIUM This Month

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24031 MEDIUM PATCH This Month

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Red Hat Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-21688 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL. Rated medium severity (CVSS 4.7).

Google Linux Race Condition Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-8685 MEDIUM This Month

Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25194 MEDIUM This Month

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-1162 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25189 MEDIUM This Month

The ZOO-Project is an open source processing platform. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-1156 MEDIUM This Month

A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1002 MEDIUM This Month

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dicom Viewer
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-46430 MEDIUM POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-42513 MEDIUM PATCH This Month

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ua Net Standard Stack
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-57409 MEDIUM POC Monitor

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Cool Admin Java
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-48170 MEDIUM This Month

PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Small Crm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-25186 MEDIUM PATCH This Month

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-21689 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1175 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy