Skip to main content
CVE-2024-12576 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21841 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn't. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21836 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26643 MEDIUM This Month

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass Edge Chromium Chrome
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35894 MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12611 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass XSS School Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-13904 MEDIUM PATCH This Month

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Platform Ly For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12610 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass School Management System
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-48864 MEDIUM This Month

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal File Station
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13086 MEDIUM This Month

An exposure of sensitive information vulnerability has been reported to affect product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-43052 MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Center
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-53700 MEDIUM This Month

A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-50405 MEDIUM This Month

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Code Injection Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-53692 MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-53696 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Qulog Center Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-27796 MEDIUM PATCH This Month

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow Graphicsmagick Suse
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-27795 MEDIUM PATCH This Month

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Graphicsmagick Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13635 MEDIUM This Month

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13552 MEDIUM This Month

The SupportCandy - Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass File Upload
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25617 MEDIUM This Month

Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13526 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventprime
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0748 MEDIUM This Month

The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26708 MEDIUM This Month

There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy