Skip to main content
CVE-2025-23243 MEDIUM This Month

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. [CVSS 6.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28874 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49823 MEDIUM This Month

IBM Common Cryptographic Architecture 7.0.0 versions up to 7.5.51 is affected by out-of-bounds write (CVSS 6.5).

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28930 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud allows Stored XSS. This issue affects List Mixcloud: from n/a through 1.4. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28929 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget allows Stored XSS. This issue affects Tabbed Login Widget: from n/a through 1.1.2. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28919 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shellbot Easy Image Display allows Stored XSS. This issue affects Easy Image Display: from n/a through 1.2.5. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28918 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid allows Stored XSS. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22340 MEDIUM This Month

IBM's Common Cryptographic Architecture (versions 7.0.0-7.5.51) contains a timing vulnerability in ECDSA signature generation that leaks sensitive information through how long the operation takes to complete. Attackers can exploit this timing difference to deduce the private signing key through repeated observations of signature creation times. Any organization using affected IBM CCA versions for cryptographic operations is at risk of having their ECDSA private keys compromised.

IBM Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28879 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28870 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-37787 MEDIUM This Month

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module [CVSS 6.5 MEDIUM]

SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0149 MEDIUM This Month

Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access. [CVSS 6.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26704 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. [CVSS 6.4 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2211 LOW POC Monitor

A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2210 LOW POC Monitor

A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2209 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2208 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing of the file /sysFiles/upload of the component Filename Handler. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2207 LOW POC Monitor

A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-2206 LOW POC Monitor

A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. [CVSS 2.4 LOW]

XSS
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-23384 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). [CVSS 3.7 LOW]

Information Disclosure Siemens
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-13413 MEDIUM This Month

The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-27789 MEDIUM PATCH This Month

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all t...

Denial Of Service
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-25267 MEDIUM This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. [CVSS 6.2 MEDIUM]

Path Traversal Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-1434 MEDIUM This Month

The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected. [CVSS 6.1 MEDIUM]

XSS Denial Of Service
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-26659 MEDIUM This Month

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. [CVSS 6.1 MEDIUM]

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-25242 MEDIUM This Month

SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity. [CVSS 6.1 MEDIUM]

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13436 MEDIUM This Month

The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. [CVSS 6.1 MEDIUM]

WordPress
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-28943 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator - Missing ALT manager: from n/a through 1.0.2. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28937 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28926 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time allows Stored XSS. This issue affects Post Read Time: from n/a through 1.2.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28914 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere allows Stored XSS. This issue affects wordpress login form to anywhere: from n/a through 0.2. [CVSS 5.9 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28907 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified allows Stored XSS. This issue affects WP Last Modified: from n/a through 0.1. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28908 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus allows Stored XSS. This issue affects pipDisqus: from n/a through 1.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28878 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28875 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28871 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-27893 LOW POC Monitor

In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. [CVSS 1.8 LOW]

RCE
NVD GitHub
CVSS 3.1
1.8
EPSS
0.1%
CVE-2024-58102 MEDIUM This Month

An issue was discovered in Datalust Seq versions up to 2024.3.13545. is affected by uncontrolled recursion (CVSS 5.7).

Denial Of Service
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-25244 MEDIUM This Month

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. [CVSS 5.7 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2023-42784 MEDIUM This Month

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Fortinet
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-55597 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. [CVSS 5.5 MEDIUM]

Fortinet Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24992 MEDIUM This Month

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27180 MEDIUM This Month

Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24449 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24448 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24431 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27163 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27164 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21170 MEDIUM This Month

Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy