Skip to main content
CVE-2025-21694 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21699 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13814 MEDIUM This Month

The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Global Gallery
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-21830 MEDIUM This Month

Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.3%
CVE-2024-32938 MEDIUM This Month

Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-42492 MEDIUM This Month

Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-36291 MEDIUM This Month

Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-24852 MEDIUM This Month

Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-29223 MEDIUM This Month

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation Quickassist Technology
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2025-26360 MEDIUM This Month

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-39284 MEDIUM This Month

Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation Advisor Oneapi Base Toolkit
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-47006 MEDIUM This Month

Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-42405 MEDIUM This Month

Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-39372 MEDIUM This Month

Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-39365 MEDIUM This Month

Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-39813 MEDIUM This Month

Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-36280 MEDIUM This Month

Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-41917 MEDIUM This Month

Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-36283 MEDIUM This Month

Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-42419 MEDIUM This Month

Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-38310 MEDIUM This Month

Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-32942 MEDIUM This Month

Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-1229 MEDIUM This Month

A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13539 MEDIUM PATCH This Month

The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure PHP Aforms Eats
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-1101 MEDIUM This Month

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maxtime
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-1228 MEDIUM This Month

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13554 MEDIUM PATCH This Month

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Extended
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0113 MEDIUM This Month

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Paloalto
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1192 MEDIUM This Month

A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Multi Restaurant Table Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13821 MEDIUM PATCH This Month

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Booking Calendar
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13794 MEDIUM PATCH This Month

The WP Ghost (Hide My WP Ghost) - Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress PHP Hide My Wp Ghost
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20097 MEDIUM This Month

Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-30211 MEDIUM This Month

Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.3). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1186 MEDIUM This Month

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Xunruicms
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-6097 MEDIUM This Month

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telerik Reporting
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-31153 MEDIUM This Month

Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Quickassist Technology
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2023-20508 MEDIUM This Month

Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of. Rated medium severity (CVSS 5.0). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-26357 MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-26353 MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-26351 MEDIUM This Month

A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-26350 MEDIUM This Month

A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Maxtime
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-1042 MEDIUM This Month

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-1230 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-37020 MEDIUM PATCH This Month

Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Suse
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-21695 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open() before. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Google Denial Of Service +4
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-26021 MEDIUM This Month

Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2024-25571 MEDIUM This Month

Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-26367 MEDIUM This Month

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13601 MEDIUM PATCH This Month

The Majestic Support - The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Majestic Support
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-13437 MEDIUM This Month

The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Book A Room
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy