Skip to main content
CVE-2024-50385 MEDIUM POC This Month

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 X Cube Azrtos G0 +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50384 MEDIUM POC This Month

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 X Cube Azrtos G0 +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29719 MEDIUM POC This Month

SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3119 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tutor Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3123 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Wondercms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2025-3121 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-50597 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50595 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50594 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-29982 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-25051 MEDIUM This Month

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Jazz Reporting Service
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-3070 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13637 MEDIUM This Month

The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2779 MEDIUM This Month

The Insert Headers and Footers Code - HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2513 MEDIUM This Month

The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0257 MEDIUM This Month

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-3098 MEDIUM This Month

The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-2483 MEDIUM This Month

The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-3097 MEDIUM This Month

The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-20120 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-3099 MEDIUM This Month

The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45700 MEDIUM PATCH This Month

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zabbix Suse
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2025-27244 MEDIUM This Month

AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2025-27556 MEDIUM PATCH This Month

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Denial Of Service Django Windows +2
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-31727 MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31726 MEDIUM This Month

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Stack Hammer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31725 MEDIUM This Month

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Monitor Remote Job
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31728 MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21994 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21988 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21990 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21989 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21987 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Amd Information Disclosure Linux Gitlab Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-3073 MEDIUM PATCH This Month

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3072 MEDIUM PATCH This Month

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3074 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56475 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Txseries For Multiplatforms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56341 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3071 MEDIUM PATCH This Month

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1805 MEDIUM This Month

Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0154 MEDIUM This Month

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Txseries For Multiplatforms
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27694 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27692 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Denial Of Service File Upload Wyse Management Suite
NVD
CVSS 3.1
4.7
EPSS
1.7%
CVE-2024-12410 MEDIUM This Month

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-27693 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-20203 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-3129 MEDIUM PATCH This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.0.0 before 2.0.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Access Code Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-31286 MEDIUM This Month

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-31285 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31284 MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
CVSS 3.1
4.6
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy