Skip to main content
CVE-2025-23766 MEDIUM This Month

Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels.6.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52895 MEDIUM This Month

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-13735 MEDIUM PATCH This Month

The HurryTimer - An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Hurrytimer
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-25204 MEDIUM PATCH This Month

`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-22702 MEDIUM This Month

Missing Authorization vulnerability in EPC Photography.5.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-22698 MEDIUM This Month

Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels.16. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13641 MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft WordPress Information Disclosure Return Refund And Exchange For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-24607 MEDIUM This Month

Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.71. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-10404 MEDIUM This Month

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13692 MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft WordPress Authentication Bypass Return Refund And Exchange For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-57790 MEDIUM This Month

IXON B.V. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25290 MEDIUM PATCH This Month

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25285 MEDIUM PATCH This Month

@octokit/endpoint turns REST API endpoints into generic request options. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25289 MEDIUM PATCH This Month

@octokit/request-error is an error class for Octokit request errors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25288 MEDIUM PATCH This Month

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23406 MEDIUM This Month

Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2025-26524 MEDIUM This Month

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.8%
CVE-2025-0178 MEDIUM This Month

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fireware
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-13791 MEDIUM PATCH This Month

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Bit Assist
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-1239 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-1071 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fireware
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-56463 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2022-28693 MEDIUM PATCH This Month

Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.7).

Intel Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-57969 MEDIUM PATCH This Month

app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Misp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31144 LOW PATCH Monitor

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Information Disclosure Xapi
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-0503 LOW Monitor

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-3220 LOW Monitor

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Apple Windows +1
NVD
CVSS 4.0
2.3
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy