Skip to main content
CVE-2025-41228 MEDIUM POC This Month

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS VMware
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
6.0%
CVE-2025-41226 MEDIUM This Month

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-33861 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45641 MEDIUM This Month

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Qradar Edr
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-5878 MEDIUM This Month

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-37958 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Debian Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37966 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's RISC-V architecture implementation where improper validation of the PR_SET_TAGGED_ADDR_CTRL prctl system call causes a kernel crash when the Supm (Supervisor User Memory) extension is not available. Affected systems are Linux kernel versions including 6.15-rc1 through 6.15-rc5 and potentially earlier versions across all RISC-V platforms. A local attacker with unprivileged user access can trigger an illegal instruction exception, crashing the kernel and denying service to all users, with an EPSS exploitation probability of only 0.11 percent indicating low real-world exploitation likelihood despite the availability of a vendor patch.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37909 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37959 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37931 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37968 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37972 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37964 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37917 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Mediatek Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-41227 MEDIUM This Month

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

VMware Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37904 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfs_iget() [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Ubuntu Debian Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37945 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Mediatek Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37980 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37907 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48056 MEDIUM PATCH This Month

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-37906 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd() calls io_uring_cmd_done() to complete. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37920 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool.

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-4951 MEDIUM This Month

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Appspider Pro
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-5008 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Time Table Generator 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5007 MEDIUM This Month

A vulnerability was found in Part-DB up to 1.17.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5006 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5004 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5003 MEDIUM POC This Week

A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5002 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5001 MEDIUM POC Monitor

A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pspp Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5000 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-4999 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-4996 MEDIUM Monitor

A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-47854 MEDIUM Monitor

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-47853 MEDIUM Monitor

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian XSS Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-47852 MEDIUM Monitor

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-47851 MEDIUM Monitor

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-47850 MEDIUM Monitor

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-37990 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37989 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37988 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37987 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37986 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37985 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Debian Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-37984 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37983 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37982 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-37978 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37977 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Samsung Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37974 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy