Skip to main content
CVE-2025-3911 MEDIUM This Month

Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords,. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-40616 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Bookgy
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-40615 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Bookgy
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4089 MEDIUM PATCH This Month

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-46343 MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 5.0). This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-46344 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
4.9
EPSS
0.3%
CVE-2025-4087 MEDIUM PATCH This Month

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-0716 MEDIUM This Month

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat
NVD HeroDevs
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-4035 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3452 MEDIUM PATCH This Month

The SecuPress Free - WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Secupress PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4095 MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker macOS
NVD
CVSS 4.0
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy