Skip to main content
CVE-2024-12604 MEDIUM This Month

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2149 LOW POC Monitor

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. [CVSS 2.5 LOW]

Information Disclosure Pytorch AI / ML
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-2133 LOW POC Monitor

A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. [CVSS 2.4 LOW]

PHP
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-27253 MEDIUM This Month

GE Vernova UR IED devices (versions 7.0-8.60) have a flaw that lets attackers control network settings without proper validation, specifically allowing them to set up unauthorized port forwarding connections. This could let an attacker bypass firewall protections and send harmful traffic across the network. The vulnerability affects industrial control systems used in power generation and distribution environments.

Authentication Bypass
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-27257 MEDIUM This Month

GE Vernova UR IED family devices is affected by insufficient verification of data authenticity (CVSS 6.1).

RCE
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-44192 MEDIUM PATCH This Month

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. [CVSS 5.5 MEDIUM]

Denial Of Service Apple
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54473 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54463 MEDIUM This Month

This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54469 MEDIUM This Month

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. [CVSS 5.5 MEDIUM]

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54560 MEDIUM This Month

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-48610 MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-52812 MEDIUM PATCH This Month

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in ...

XSS Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-25620 MEDIUM This Month

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. [CVSS 5.4 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2150 MEDIUM This Month

The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. [CVSS 5.4 MEDIUM]

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27924 MEDIUM This Month

Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-47109 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 versions up to 6.1.2.6 is affected by insufficiently protected credentials (CVSS 5.3).

Authentication Bypass IBM
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26695 MEDIUM PATCH This Month

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. [CVSS 5.3 MEDIUM]

Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-56188 MEDIUM This Month

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56185 MEDIUM This Month

In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56186 MEDIUM This Month

In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56184 MEDIUM This Month

In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-2148 MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. [CVSS 5.0 MEDIUM]

Buffer Overflow Pytorch AI / ML
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-0660 MEDIUM PATCH This Month

Concrete CMS versions 9.0.0 versions up to 9.3.9 is affected by improper input validation (CVSS 4.8).

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-24387 MEDIUM This Month

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. [CVSS 4.8 MEDIUM]

Information Disclosure Suse
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25616 MEDIUM This Month

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-27926 MEDIUM This Month

In Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by incorrect default permissions (CVSS 4.3).

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1926 MEDIUM This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26865 LOW PATCH Monitor

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. [CVSS 3.5 LOW]

Apache
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2025-25615 LOW Monitor

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. [CVSS 2.7 LOW]

Authentication Bypass Tenda
NVD GitHub
CVSS 3.1
2.7
EPSS
0.7%
CVE-2024-54558 LOW Monitor

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-52905 LOW Monitor

IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 contain an information disclosure flaw that could allow users with elevated privileges to access sensitive database information they shouldn't normally be able to see. This affects organizations using these specific versions of the software. An attacker with administrative or privileged access could exploit this to view confidential data stored in the database.

IBM Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2024-44179 LOW Monitor

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]

Denial Of Service Apple macOS iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-27136 PATCH This Week

LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare an external en...

RCE
NVD GitHub
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy