Skip to main content
CVE-2025-2763 MEDIUM This Month

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack RCE Autokit
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-1521 MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-0618 MEDIUM This Month

A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-1522 MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-2770 MEDIUM This Month

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2772 MEDIUM This Month

BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1054 MEDIUM This Month

The UiCore Elements - Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-22351 MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-1056 MEDIUM This Month

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Camera Station Pro
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3902 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).0.0 before 4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Block Class Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3901 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).0.0 before 1.13.0, from 3.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bootstrap Site Alert Drupal Bootstrap
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3900 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).0.0 before 2.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Colorbox Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29526 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-0926 MEDIUM This Month

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Camera Station Pro
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-43716 MEDIUM This Month

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Authentication Bypass Ivanti
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-10306 MEDIUM PATCH This Month

A vulnerability was found in mod_proxy_cluster. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2771 MEDIUM This Month

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2025-2595 MEDIUM CISA This Month

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-25045 MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3907 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.0.0 before 4.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Search Api Solr Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25046 LOW Monitor

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-46394 LOW CISA Monitor

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.2
EPSS
0.1%
CVE-2025-46393 LOW PATCH Monitor

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-43965 LOW PATCH Monitor

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2024-58251 LOW Monitor

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up). Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-3673 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46224 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46223 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46222 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46221 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46220 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46219 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46218 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46217 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-46216 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy