Skip to main content
CVE-2025-29904 MEDIUM This Month

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Ktor
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-1984 MEDIUM This Month

Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-29903 MEDIUM This Month

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Runtime macOS
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-2215 MEDIUM This Month

A vulnerability classified as critical was found in Doufox up to 0.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2078 MEDIUM This Month

The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Blogbuzztime For Wp PHP
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-2076 MEDIUM This Month

The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Binlayerpress PHP
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-22870 MEDIUM PATCH This Month

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-52362 MEDIUM This Month

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service App Connect Enterprise Certified Containers Operands App Connect Operator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13430 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Authentication Bypass Pagelayer
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34398 MEDIUM This Month

An issue was discovered in BMC Remedy Mid Tier 7.6.04. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

XSS Remedy Mid Tier
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-20144 MEDIUM This Month

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xr
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-2002 MEDIUM This Month

of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device. Rated medium severity (CVSS 4.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy