Skip to main content
CVE-2025-48188 LOW POC Monitor

libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Pspp
NVD
CVSS 3.1
2.9
EPSS
0.1%
CVE-2025-22233 LOW PATCH Monitor

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Spring
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-47794 LOW Monitor

Nextcloud Server is a self hosted personal cloud system. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
2.6
EPSS
0.1%
CVE-2025-40632 LOW Monitor

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

XSS Mail Server
NVD
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-40631 LOW Monitor

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

RCE Mail Server
NVD
CVSS 4.0
2.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy