Skip to main content
CVE-2024-48828 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Privilege Escalation Smartfabric Os10
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26393 MEDIUM This Month

SolarWinds Service Desk is affected by a broken access control vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-30089 MEDIUM This Month

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30143 MEDIUM This Month

Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2401 MEDIUM This Month

Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking. Rated medium severity (CVSS 5.4). No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-2363 MEDIUM This Month

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Vblog
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2367 MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2357 MEDIUM PATCH This Month

A vulnerability was found in DCMTK 3.6.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dcmtk Red Hat Suse
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2361 MEDIUM PATCH This Month

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Suse
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-8510 MEDIUM This Month

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal N Central
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2019-6697 MEDIUM This Month

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-32584 MEDIUM This Month

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortiwlc
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2420 MEDIUM This Month

A vulnerability classified as problematic was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2365 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2354 MEDIUM This Month

A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2358 MEDIUM This Month

A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2364 MEDIUM This Month

A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Vblog
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2020-29010 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-26127 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-2366 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2397 MEDIUM This Month

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-2355 MEDIUM This Month

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2020-9295 MEDIUM This Month

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Antivirus Engine
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-40635 MEDIUM PATCH This Month

containerd is an open-source container runtime. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Containerd Debian Linux Red Hat +1
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2021-26087 MEDIUM This Month

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiwlc
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-9055 MEDIUM This Month

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2019-15706 MEDIUM This Month

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below,. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-0495 MEDIUM PATCH This Month

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Docker Suse
NVD GitHub
CVSS 4.0
4.1
EPSS
0.0%
CVE-2019-17659 LOW Monitor

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser". Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortisiem
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-1398 LOW PATCH Monitor

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mattermost Desktop macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27512 LOW PATCH Monitor

Zincati is an auto-update agent for Fedora CoreOS hosts. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-27768 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27767 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27766 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27765 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27764 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27763 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27762 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27761 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-27760 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56506 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56505 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56504 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56503 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56502 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56501 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56500 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56499 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56498 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy