Skip to main content
CVE-2025-44176 MEDIUM POC This Month

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda RCE Fh451 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-55466 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Thingsboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-41393 MEDIUM POC This Month

Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
1.1%
CVE-2025-31228 MEDIUM This Month

The issue was addressed with improved authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-31215 MEDIUM PATCH This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-31217 MEDIUM This Month

The issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-24222 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow macOS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-31210 MEDIUM This Month

The issue was addressed with improved UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24225 MEDIUM This Month

An injection issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31205 MEDIUM PATCH This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple CSRF Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-47578 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.3.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31235 MEDIUM This Month

A double free issue was addressed with improved memory management. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31209 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-31233 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-47271 MEDIUM This Month

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
6.3
EPSS
0.4%
CVE-2025-31195 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-31218 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-22247 MEDIUM PATCH This Month

VMware Tools contains an insecure file handling vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-26841 MEDIUM This Month

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload Everest Forms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-24144 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-24111 MEDIUM This Month

A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24155 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24220 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30440 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31251 MEDIUM This Month

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31250 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31220 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31242 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24142 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31212 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31196 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31245 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31226 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31241 MEDIUM This Month

A double free issue was addressed with improved memory management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-34732 MEDIUM This Month

An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neon Dx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-40627 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Abantecart
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-40626 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Abantecart
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-31257 MEDIUM PATCH CISA This Month

This issue was addressed with improved memory handling. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
4.7
EPSS
0.8%
CVE-2025-31227 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-31206 MEDIUM PATCH This Month

A type confusion issue was addressed with improved state handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2025-31239 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-31260 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31258 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31256 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31236 MEDIUM This Month

An information disclosure issue was addressed with improved privacy controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-44175 MEDIUM POC This Month

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46750 MEDIUM Monitor

SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-46749 MEDIUM Monitor

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-46747 MEDIUM This Month

An authenticated user without user-management permissions could identify other user accounts. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-46746 MEDIUM This Month

An administrator could discover another account's credentials. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy