Skip to main content
CVE-2025-1944 MEDIUM POC PATCH This Month

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the mod...

Denial Of Service Authentication Bypass Pytorch AI / ML
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2151 MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. [CVSS 6.3 MEDIUM]

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-2152 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. [CVSS 6.3 MEDIUM]

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-57492 MEDIUM POC This Month

An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53307 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. [CVSS 5.4 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25908 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save. [CVSS 5.4 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-55199 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser. [CVSS 5.4 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-2147 MEDIUM POC This Month

A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. [CVSS 5.3 MEDIUM]

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2153 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. [CVSS 5.0 MEDIUM]

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-56187 MEDIUM This Month

In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. [CVSS 6.6 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-54467 MEDIUM PATCH This Month

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. [CVSS 6.5 MEDIUM]

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1296 MEDIUM PATCH This Month

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. [CVSS 6.5 MEDIUM]

Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12604 MEDIUM This Month

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025. [CVSS 6.5 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27253 MEDIUM This Month

GE Vernova UR IED devices (versions 7.0-8.60) have a flaw that lets attackers control network settings without proper validation, specifically allowing them to set up unauthorized port forwarding connections. This could let an attacker bypass firewall protections and send harmful traffic across the network. The vulnerability affects industrial control systems used in power generation and distribution environments.

Authentication Bypass
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-27257 MEDIUM This Month

GE Vernova UR IED family devices is affected by insufficient verification of data authenticity (CVSS 6.1).

RCE
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-44192 MEDIUM PATCH This Month

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. [CVSS 5.5 MEDIUM]

Denial Of Service Apple
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-54473 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54463 MEDIUM This Month

This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54469 MEDIUM This Month

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. [CVSS 5.5 MEDIUM]

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54560 MEDIUM This Month

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. [CVSS 5.5 MEDIUM]

Apple Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-48610 MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]

Denial Of Service macOS iOS Apple
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-52812 MEDIUM PATCH This Month

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in ...

XSS Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-25620 MEDIUM This Month

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. [CVSS 5.4 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2150 MEDIUM This Month

The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. [CVSS 5.4 MEDIUM]

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27924 MEDIUM This Month

Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-47109 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 versions up to 6.1.2.6 is affected by insufficiently protected credentials (CVSS 5.3).

Authentication Bypass IBM
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26695 MEDIUM PATCH This Month

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. [CVSS 5.3 MEDIUM]

Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-56188 MEDIUM This Month

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56185 MEDIUM This Month

In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56186 MEDIUM This Month

In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-56184 MEDIUM This Month

In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-2148 MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. [CVSS 5.0 MEDIUM]

Buffer Overflow Pytorch AI / ML
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-0660 MEDIUM PATCH This Month

Concrete CMS versions 9.0.0 versions up to 9.3.9 is affected by improper input validation (CVSS 4.8).

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-24387 MEDIUM This Month

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. [CVSS 4.8 MEDIUM]

Information Disclosure Suse
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25616 MEDIUM This Month

Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-27926 MEDIUM This Month

In Nintex Automation 5.6 and 5.7 versions up to 5.8 is affected by incorrect default permissions (CVSS 4.3).

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1926 MEDIUM This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy