Skip to main content
CVE-2025-24225 MEDIUM This Month

An injection issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31205 MEDIUM PATCH This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple CSRF Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-47578 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.3.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31235 MEDIUM This Month

A double free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31209 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-31233 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-47271 MEDIUM This Month

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
6.3
EPSS
0.4%
CVE-2025-31195 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-31218 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-22247 MEDIUM PATCH This Month

VMware Tools contains an insecure file handling vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-26841 MEDIUM This Month

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload Everest Forms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-24144 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-24111 MEDIUM This Month

A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24155 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24220 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30440 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31251 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31250 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31220 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31242 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24142 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31212 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31196 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31245 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31226 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31241 MEDIUM This Month

A double free issue was addressed with improved memory management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-34732 MEDIUM This Month

An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neon Dx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46825 LOW POC PATCH Monitor

Kanboard is project management software that focuses on the Kanban methodology. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Kanboard
NVD GitHub
CVSS 4.0
1.3
EPSS
0.2%
CVE-2025-40627 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Abantecart
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-40626 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Abantecart
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-31257 MEDIUM PATCH CISA This Month

This issue was addressed with improved memory handling. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
4.7
EPSS
0.8%
CVE-2025-31227 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31206 MEDIUM PATCH This Month

A type confusion issue was addressed with improved state handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2025-31239 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-31260 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31258 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31256 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31253 HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31236 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-44175 MEDIUM POC This Month

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46750 MEDIUM Monitor

SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-46749 MEDIUM Monitor

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-46748 LOW Monitor

An authenticated user attempting to change their password could do so without using the current password. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-46747 MEDIUM This Month

An authenticated user without user-management permissions could identify other user accounts. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-46746 MEDIUM This Month

An administrator could discover another account's credentials. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-46745 MEDIUM This Month

An authenticated user without user-management permissions could view other users account information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46744 LOW Monitor

An authenticated administrator could modify the Created By username for a user account. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-46743 MEDIUM This Month

An authenticated user's token could be used by another source after the user had logged out prior to the token expiring. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-46742 MEDIUM Monitor

Users who were required to change their password could still access system information before changing their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46741 MEDIUM This Month

A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred. Rated medium severity (CVSS 5.7). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy