Skip to main content
CVE-2025-31541 MEDIUM This Month

Missing Authorization vulnerability in turitop TuriTop Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31893 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31622 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31091 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer allows Stored XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31746 MEDIUM This Month

Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels.1.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-31739 MEDIUM This Month

Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13673 MEDIUM This Month

The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-9416 MEDIUM This Month

The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Modula Image Gallery
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1663 MEDIUM PATCH This Month

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Unlimited Elements For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-31841 MEDIUM This Month

Missing Authorization vulnerability in Frank P. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-30485 MEDIUM This Month

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
6.2
EPSS
0.2%
CVE-2025-2299 MEDIUM PATCH This Month

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress CSRF XSS Luckywp Table Of Contents PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-32050 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2025-31554 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso allows Absolute Path Traversal.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-32051 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-31558 MEDIUM This Month

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data.4.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2025-31876 MEDIUM This Month

Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels.3.12. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-21996 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21997 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22003 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()"). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22001 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21995 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22007 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22005 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22006 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22002 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux HP Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22000 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-31794 MEDIUM This Month

Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-0272 MEDIUM This Month

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-47639 MEDIUM PATCH This Month

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-31127 MEDIUM This Month

Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-31126 MEDIUM This Month

Element X iOS is a Matrix iOS Client provided by Element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3152 MEDIUM This Month

A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3153 MEDIUM PATCH This Month

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

CSRF XSS Concrete Cms
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-31827 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vlad.olaru Fonto allows Path Traversal.2.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-31825 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pixelgrade Category Icon allows Path Traversal.0.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-31483 MEDIUM PATCH This Month

Miniflux is a feed reader. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-3157 MEDIUM This Month

A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3165 MEDIUM This Month

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3148 MEDIUM This Month

A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3144 MEDIUM This Month

A vulnerability classified as problematic was found in MindSpore 2.5.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3139 MEDIUM This Month

A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Bus Reservation System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3145 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in MindSpore 2.5.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-21998 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-2874 MEDIUM This Month

The User Submitted Posts - Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including,. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-0279 MEDIUM Monitor

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Traveler
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0278 MEDIUM Monitor

HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Traveler Windows
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3179 MEDIUM POC This Week

A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-47217 MEDIUM This Month

An issue was discovered in Iglu Server 0.13.0 and below. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Iglu Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3158 MEDIUM POC PATCH Monitor

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy