Skip to main content
CVE-2025-31545 MEDIUM This Month

Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP allows Exploiting Incorrectly Configured Access Control Security Levels.0.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55093 MEDIUM PATCH This Month

phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-31124 MEDIUM PATCH This Month

Zitadel is open-source identity infrastructure software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2025-30428 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-31588 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider allows Cross Site Request Forgery.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-29908 MEDIUM PATCH This Month

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-31533 MEDIUM This Month

Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30209 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3019 MEDIUM This Month

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Business Hub
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3059 MEDIUM This Month

Vulnerability in Drupal Profile Private.*. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Profile Private Drupal
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-31618 MEDIUM This Month

Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels.0.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-31386 MEDIUM This Month

Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.10.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2982 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3009 MEDIUM This Month

A vulnerability classified as critical was found in Jinher Network OA C6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3003 MEDIUM This Month

A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3037 MEDIUM This Month

A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2072 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-2983 MEDIUM This Month

A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3008 MEDIUM This Month

A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3026 MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3027 MEDIUM This Month

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ejbca
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2981 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2980 MEDIUM This Month

A vulnerability classified as problematic was found in Legrand SMS PowerView 1.x. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3007 MEDIUM This Month

A vulnerability was found in Novastar CX40 up to 2.44.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-24248 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-30434 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os iOS
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-24097 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-24203 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-31682 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS Google Tag Drupal
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-30203 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-3001 MEDIUM PATCH This Month

A vulnerability classified as critical was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-31606 MEDIUM This Month

Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-2999 MEDIUM PATCH This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2998 MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3000 MEDIUM This Month

A vulnerability classified as critical has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3017 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4.c of the component ta_regtest. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3010 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2023-33302 MEDIUM This Month

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fortinet Fortimail Fortindr
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2025-24240 MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Race Condition
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-31673 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Drupal
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2025-27149 MEDIUM This Month

Zulip server provides an open-source team chat that helps teams stay productive and focused. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip Server
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-30439 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-24852 MEDIUM This Month

Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-29929 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-29766 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-30427 MEDIUM PATCH This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Apple Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2025-24216 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2025-24242 MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-30425 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-24279 MEDIUM This Month

This issue was addressed with improved file handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy