Skip to main content
CVE-2024-47262 MEDIUM This Month

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-8000 MEDIUM This Month

On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1969 MEDIUM This Month

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-27150 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Redis Tuleap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2019-1815 MEDIUM This Month

A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2020-3122 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Asyncos
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-58049 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-58047 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-1425 MEDIUM This Month

A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.6.8.3671. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
4.7
EPSS
0.0%
CVE-2025-27402 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-1935 MEDIUM PATCH This Month

A web page could trick a user into setting that site as the default handler for a custom URL protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13724 MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wallet System For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-27425 MEDIUM This Month

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13686 MEDIUM PATCH This Month

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Vw Storefront
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26202 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27424 MEDIUM This Month

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Mozilla
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13682 MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Wallet System For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27156 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%
CVE-2025-27220 MEDIUM PATCH This Month

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cgi Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.6%
CVE-2025-1939 LOW Monitor

Android apps can load web pages using the Custom Tabs feature. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-24301 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23414 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23409 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-24309 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23420 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23240 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-22835 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-21084 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20081 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20024 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20626 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20091 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-0587 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2024-47259 LOW Monitor

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection File Upload Axis Os Axis Os 2024
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-23418 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23234 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22897 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22847 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22841 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22837 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22443 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21097 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21089 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-20021 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-20011 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27221 LOW PATCH Monitor

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Uri
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-1953 LOW Monitor

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Rated low severity (CVSS 2.1). No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy