Skip to main content
CVE-2025-26355 MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-0144 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0145 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Heap Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-42410 MEDIUM This Month

Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-0143 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0142 MEDIUM This Month

NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-21859 MEDIUM This Month

Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8). No vendor patch available.

Information Disclosure Intel Buffer Overflow
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-36293 MEDIUM PATCH This Month

Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service Red Hat Suse
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-39279 MEDIUM PATCH This Month

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-31157 MEDIUM PATCH This Month

Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-28047 MEDIUM PATCH This Month

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-26352 MEDIUM This Month

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-26373 MEDIUM This Month

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-26376 MEDIUM This Month

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-26374 MEDIUM This Month

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-0506 MEDIUM This Month

The Rise Blocks - A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13459 MEDIUM This Month

The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13456 MEDIUM This Month

The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Quiz Maker
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13701 MEDIUM PATCH This Month

The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Liveticker
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11746 MEDIUM PATCH This Month

The Discover the Best Woocommerce Product Brands Plugin for WordPress - Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woocommerce Brands
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13665 MEDIUM PATCH This Month

The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Admire Extra
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13658 MEDIUM PATCH This Month

The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ngg Smart Image Search
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10322 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Brizy
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13769 MEDIUM This Month

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass XSS Puzzles
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1215 LOW POC PATCH Monitor

A vulnerability classified as problematic was found in vim up to 9.1.1096. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Vim Bootstrap Os Bootstrap
NVD GitHub VulDB
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-1207 LOW POC Monitor

A vulnerability was found in phjounin TFTPD64 4.64. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-51122 MEDIUM This Month

Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 alllows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-13749 MEDIUM PATCH This Month

The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress CSRF XSS Stafflist
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-49780 MEDIUM This Month

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-41166 MEDIUM This Month

Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Intel Buffer Overflow Denial Of Service Microsoft +1
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-40887 MEDIUM This Month

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Intel Race Condition Denial Of Service Windows
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2024-39606 MEDIUM This Month

Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Intel Denial Of Service Windows
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2024-29172 MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-29171 MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-29164 MEDIUM This Month

Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-39779 MEDIUM This Month

Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Stack Overflow Denial Of Service
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-39797 MEDIUM This Month

Improper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2024-36285 MEDIUM This Month

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Intel Race Condition Denial Of Service Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2024-39355 MEDIUM PATCH This Month

Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Suse
NVD VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2020-3432 MEDIUM This Month

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client macOS
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2023-48366 MEDIUM This Month

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Race Condition
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2024-31068 MEDIUM PATCH This Month

Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-26358 MEDIUM This Month

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Maxtime
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-26348 MEDIUM This Month

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Maxtime
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-26346 MEDIUM This Month

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Maxtime
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21971 MEDIUM This Month

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Amd Denial Of Service Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1102 MEDIUM This Month

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maxtime
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57952 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator (based on mtree_alloc_cyclic). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Huawei Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21697 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21696 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy