Skip to main content
CVE-2024-52290 MEDIUM POC PATCH This Month

LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ekuiper Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-47775 MEDIUM POC PATCH This Month

Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bullfrog
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2025-29691 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oa System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29690 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oa System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29689 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oa System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29688 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oa System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29686 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oa System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-57273 MEDIUM POC This Month

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pfsense Ce Pfsense Plus
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46836 MEDIUM PATCH CISA This Month

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-0134 MEDIUM This Month

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Paloalto
NVD
CVSS 4.0
6.5
EPSS
0.4%
CVE-2025-30667 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-46785 MEDIUM This Month

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30668 MEDIUM This Month

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3932 MEDIUM PATCH This Month

It was possible to craft an email that showed a tracking link as an attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-47709 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.0.0 before 4.7.0, from 5.0.0 before 5.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Miniorange 2fa Drupal
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45516 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-47704 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).0.0 before 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Klaro Cookie Consent Management Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-47703 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).0.0 before 1.2.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cookies Coonsent Manager Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-44024 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-47705 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).0.0 before 2.0.5, from 7.X-1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iframe Remove Filter Drupal
NVD HeroDevs
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-47888 MEDIUM This Month

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jenkins Dingtalk
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-13940 MEDIUM This Month

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-57096 MEDIUM This Month

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Wps Office
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53146 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4520 MEDIUM This Month

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Uncanny Automator PHP
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-45067 MEDIUM This Month

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24026 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Itop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-8988 MEDIUM This Month

The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3769 MEDIUM This Month

The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0136 MEDIUM This Month

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0135 MEDIUM This Month

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Paloalto Google Microsoft +5
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-24969 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-0137 MEDIUM This Month

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2025-47706 MEDIUM PATCH This Month

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.0.0 before 4.7.0, from 5.0.0 before 5.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Miniorange 2fa Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-25370 MEDIUM This Month

An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-33104 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24785 MEDIUM This Month

iTop is an web based IT Service Management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Denial Of Service Itop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46786 MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47887 MEDIUM PATCH This Month

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47886 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56427 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Samsung Exynos 980 Firmware Exynos 990 Firmware +16
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-0132 MEDIUM This Month

A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4664 MEDIUM PATCH Monitor

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30666 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30665 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30664 MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-47702 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).0.0 before 2.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oembed Providers Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-44186 MEDIUM POC This Month

SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Best Employee Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-44184 MEDIUM POC Monitor

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best Employee Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-26784 MEDIUM This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 980 Firmware Exynos 990 Firmware +15
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy