Skip to main content
CVE-2025-3549 LOW POC PATCH Monitor

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-3548 LOW POC PATCH Monitor

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3.h of the component File Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-2572 MEDIUM This Month

In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-32907 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-43850 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-43847 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2475 MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-32909 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-3562 MEDIUM This Month

A vulnerability was found in Yonyou YonBIP MA2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3547 MEDIUM This Month

A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Agent Zero
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2022-43852 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3590 MEDIUM This Month

A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3567 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3550 MEDIUM This Month

A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-10087 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3571 MEDIUM This Month

A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-49705 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iksoris
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13597 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-49707 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-13598 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-10090 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-10088 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-49706 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-49708 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-10089 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3588 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2.java of the component JSON File Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Java Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-32093 MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-43840 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-27272 LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Console
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-2424 LOW PATCH Monitor

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-49709 LOW Monitor

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Iksoris
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-24859 LOW Monitor

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Roller
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-30516 LOW Monitor

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
2.0
EPSS
0.2%
CVE-2025-32930 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-3552 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-3551 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy