Skip to main content
CVE-2025-0837 MEDIUM This Month

The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20615 MEDIUM This Month

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Qardio iOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-13867 MEDIUM This Month

The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Listivo
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2025-0426 MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-1271 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H6Web
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-24836 MEDIUM This Month

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Python Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-26561 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS.3.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-12054 MEDIUM This Month

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2024-12012 MEDIUM This Month

A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-53311 MEDIUM This Month

A Stack buffer overflow in the arguments parameter in Immunity Inc. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53310 MEDIUM This Month

A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53309 MEDIUM This Month

A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-23411 MEDIUM This Month

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mypro
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-47264 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-34404 MEDIUM This Month

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25900 MEDIUM This Month

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service Tl Wr841Nd V11 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-34403 MEDIUM This Month

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-25287 MEDIUM This Month

Lakeus is a simple skin made for MediaWiki. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-21701 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-37601 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-37603 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-37602 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-24889 MEDIUM This Month

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-13639 MEDIUM PATCH This Month

The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Read More Accordion
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-25195 MEDIUM This Month

Zulip is an open source team chat application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0661 MEDIUM PATCH This Month

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Authentication Bypass Dethemekit For Elementor PHP +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13229 MEDIUM PATCH This Month

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Seo
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1198 MEDIUM This Month

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2023-34401 LOW Monitor

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2025-25899 LOW Monitor

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service Tl Wr841Nd V11 Firmware
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-34406 LOW Monitor

An issue was discovered on Mercedes Benz NTG 6. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-47266 LOW Monitor

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
CVSS 3.1
2.7
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy