Skip to main content
CVE-2025-23579 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound DZS Ajaxer Lite allows Stored XSS.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23480 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RSVP ME allows Stored XSS.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20649 MEDIUM This Month

In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Software Development Kit Openwrt
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20653 MEDIUM This Month

In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0684 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE Grub2
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-0686 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE Grub2
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-0685 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE Grub2
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-23440 MEDIUM This Month

Missing Authorization vulnerability in radicaldesigns radSLIDE allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-26984 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in the SMS Alert Order Notifications WordPress plugin through version 3.7.8 enables remote attackers to execute arbitrary JavaScript in victim browsers by tricking users into clicking malicious links. The vulnerability carries a CVSS score of 7.1 due to changed scope (cross-domain consequences), though exploitation requires user interaction. EPSS probability is low (0.08%, 25th percentile), indicating limited observed exploitation activity. No CISA KEV listing confirms active widespread exploitation, though Patchstack's vulnerability database disclosure suggests the flaw may be targeted in WordPress-specific attack campaigns.

WordPress XSS Sms Alert Order Notifications
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-25939 MEDIUM This Month

Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Reprise License Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-45779 MEDIUM PATCH This Month

An integer overflow flaw was found in the BFS file system driver in grub2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Grub2
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-27273 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-27498 MEDIUM PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-1845 MEDIUM This Month

A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dsm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2024-53025 MEDIUM This Month

Transient DOS can occur while processing UCI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Fastconnect 7800 Firmware Sm8750 Firmware Sm8750p Firmware +15
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-43056 MEDIUM This Month

Transient DOS during hypervisor virtual I/O operation in a virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +183
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-43051 MEDIUM This Month

Information disclosure while deriving keys for a session for any Widevine use case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +234
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-45778 MEDIUM PATCH This Month

A stack overflow flaw was found when reading a BFS file system. Rated medium severity (CVSS 4.1). No vendor patch available.

Integer Overflow Denial Of Service Grub2 Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20648 MEDIUM This Month

In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27094 MEDIUM PATCH This Month

Tuleap is an open-source suite designed to improve software development management and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55570 MEDIUM This Month

/api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-38426 MEDIUM This Month

While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass 315 5g Iot Firmware 9205 Lte Firmware Ar8035 Firmware +160
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-8186 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27585 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Academia Student Information System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27584 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Academia Student Information System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27579 MEDIUM This Month

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-55064 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dc Netscope
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54179 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25280 MEDIUM This Month

Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-1844 MEDIUM This Month

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1881 MEDIUM This Month

A vulnerability was found in i-Drive i11 and i12 up to 20250227. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure I11 Firmware I12 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1842 MEDIUM This Month

A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-30154 MEDIUM This Month

HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Hcl Sx
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-0287 MEDIUM This Month

Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Privilege Escalation Denial Of Service Paragon Backup Recovery +5
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-27274 MEDIUM This Month

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal.2.11. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-51966 MEDIUM This Month

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcgis Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-51958 MEDIUM This Month

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcgis Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-5888 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51963 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51960 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51959 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51957 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51956 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51953 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51952 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51951 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51950 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51949 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51948 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-51947 MEDIUM This Month

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
4.8
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy