Skip to main content
CVE-2024-11390 MEDIUM PATCH This Month

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

XSS Elastic File Upload Kibana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-4144 MEDIUM PATCH This Month

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Workers Oauth Provider Cloudflare
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-3889 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-52903 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32882 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36558 MEDIUM This Month

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-23151 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Debian Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-49884 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49781 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling amd_pmu_enable_all() does: if. Rated medium severity (CVSS 4.7).

Amd Linux Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49814 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49920 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49798 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race where eprobes can be called before the event The flag that tells the event to call its triggers after reading the. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49771 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using. Rated medium severity (CVSS 4.7).

Buffer Overflow Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-52976 MEDIUM PATCH This Month

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

RCE Elastic Elastic Agent
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-25016 MEDIUM PATCH This Month

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Elastic File Upload Kibana
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32884 MEDIUM This Month

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32881 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2168 MEDIUM PATCH This Month

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ultimate Store Kit PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32886 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-29763 Awaiting Data

Rejected reason: “This CVE ID is Rejected and will not be used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-32883 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-37795 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-37782 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-37750 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Microsoft +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-23139 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 8 of 8

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy