Skip to main content
CVE-2025-4208 MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP Code Injection Nex Forms
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-3506 MEDIUM This Month

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-2806 MEDIUM This Month

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Tagdiv Composer PHP
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-28074 MEDIUM This Month

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phplist
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-28073 MEDIUM This Month

phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phplist
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-43926 MEDIUM This Month

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Znuny
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-55651 LOW POC Monitor

i-Educar is free, fully online school management software. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Educar
NVD GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-4207 MEDIUM PATCH This Month

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow PostgreSQL Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-37820 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37811 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37824 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Canonical Debian Denial Of Service +4
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37808 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30102 MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37828 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() A race can occur between the MCQ completion path and the abort handler: once a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37821 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37800 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37805 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37801 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37833 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37826 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37809 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37806 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37834 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Code Injection Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37807 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37802 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-32873 MEDIUM PATCH This Month

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27695 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-47730 MEDIUM This Month

The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Telemessage
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-46833 MEDIUM This Month

Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-30101 MEDIUM This Month

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-46336 MEDIUM PATCH This Month

Rack::Session is a session management implementation for Rack. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition Red Hat Suse
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-46712 LOW Monitor

Erlang/OTP is a set of libraries for the Erlang programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2025-44021 LOW PATCH Monitor

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). Rated low severity (CVSS 2.8). No vendor patch available.

Path Traversal
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2025-46812 LOW PATCH Monitor

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
2.0
EPSS
0.4%
CVE-2025-4440 HIGH This Month

A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-4107 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-47733 CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2025-47732 HIGH This Month

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Deserialization Dataverse
NVD
CVSS 3.1
8.7
EPSS
2.7%
CVE-2025-33072 HIGH This Month

Improper access control in Azure allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Msagsfeedback Azurewebsites Net
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2025-31946 MEDIUM This Month

Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29972 CRITICAL This Week

Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Storage Resource Provider
NVD
CVSS 3.1
9.9
EPSS
4.5%
CVE-2025-29827 CRITICAL This Week

Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Automation
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2025-4475 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-12378 CRITICAL This Week

On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-4132 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-47729 LOW KEV THREAT This Month

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage. Rated low severity (CVSS 1.9). Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Text Message Archiver
NVD
CVSS 3.1
1.9
EPSS
4.1%
CVE-2025-41450 HIGH This Month

Improper Authentication vulnerability in Danfoss AKSM8xxA Series.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-3759 HIGH This Month

Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is accessible without authentication. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-40846 HIGH This Month

Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect XSS
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-1254 HIGH This Month

Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Connext Professional
NVD
CVSS 4.0
7.7
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy