Skip to main content
CVE-2024-58252 MEDIUM This Month

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46587 MEDIUM This Month

Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-4384 MEDIUM This Month

The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-47256 MEDIUM PATCH This Month

Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-4341 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 880L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.3%
CVE-2025-22476 MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-3020 MEDIUM This Month

An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3609 MEDIUM This Month

The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-46736 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-47418 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3281 MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-4333 MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4305 MEDIUM This Month

A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47417 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2023-33770 MEDIUM This Month

Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-46593 MEDIUM This Month

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-46586 MEDIUM This Month

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-4373 MEDIUM PATCH This Month

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2025-32022 MEDIUM This Month

Finit provides fast init for Linux systems. Rated medium severity (CVSS 4.6). No vendor patch available.

Memory Corruption Buffer Overflow
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-46588 MEDIUM This Month

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-46592 MEDIUM This Month

Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-46589 MEDIUM This Month

Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-4337 MEDIUM This Month

The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy