Skip to main content
CVE-2025-3122 LOW POC Monitor

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Binary Toolkit
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.8%
CVE-2025-2513 MEDIUM This Month

The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0257 MEDIUM This Month

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-3098 MEDIUM This Month

The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-2483 MEDIUM This Month

The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-3097 MEDIUM This Month

The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-20120 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-3099 MEDIUM This Month

The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45700 MEDIUM PATCH This Month

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zabbix Suse
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2025-27244 MEDIUM This Month

AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2025-27556 MEDIUM PATCH This Month

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Denial Of Service Django Windows +2
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-31727 MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31726 MEDIUM This Month

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Stack Hammer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31725 MEDIUM This Month

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Monitor Remote Job
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31728 MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21994 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21988 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21990 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21989 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21987 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Amd Information Disclosure Linux Gitlab Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-3073 MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3072 MEDIUM PATCH This Month

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3074 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56475 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Txseries For Multiplatforms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56341 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3071 MEDIUM PATCH This Month

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1805 MEDIUM This Month

Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0154 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Txseries For Multiplatforms
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27694 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27692 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Denial Of Service File Upload Wyse Management Suite
NVD
CVSS 3.1
4.7
EPSS
1.7%
CVE-2024-12410 MEDIUM This Month

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-27693 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-20203 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-3129 MEDIUM PATCH This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.0.0 before 2.0.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Access Code Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-31286 MEDIUM This Month

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-31285 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31284 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31283 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31282 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31724 MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-2842 MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2786 MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-31721 MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31720 MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56474 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Txseries For Multiplatforms
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31723 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Simple Queue
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-36469 LOW Monitor

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 4.0
2.3
EPSS
0.2%
CVE-2024-42325 LOW Monitor

Zabbix API user.get returns all users that share common group with the calling user. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-3154 LOW Monitor

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-30218 LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Next.js Vercel
NVD GitHub
CVSS 4.0
1.7
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy