Skip to main content
CVE-2025-31283 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31282 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31724 MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-2842 MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2786 MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-31721 MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31720 MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56474 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Txseries For Multiplatforms
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31723 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Simple Queue
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3130 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.0.0 before 2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Obfuscate Drupal
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3120 MEDIUM POC This Month

A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3118 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tutor Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-56476 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Txseries For Multiplatforms
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-50596 MEDIUM POC Monitor

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-21992 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux HP Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy