Skip to main content
CVE-2024-13954 MEDIUM This Month

Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-4979 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13958 MEDIUM This Month

Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-3942 MEDIUM This Month

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-1110 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-4642 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4562 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4338 MEDIUM This Month

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48371 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-4975 MEDIUM Monitor

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-47181 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Update Chrome
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-48374 MEDIUM PATCH This Month

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-5962 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Identity Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7487 MEDIUM This Month

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Identity Server
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-7103 MEDIUM Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-6914 CRITICAL This Week

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Api Manager Identity Server Identity Server As Key Manager Open Banking Am +2
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-13950 MEDIUM This Month

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.*; NEXUS Series: through 3.*; MATRIX Series:. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13949 MEDIUM This Month

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13948 MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13947 HIGH This Month

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-13946 HIGH POC This Month

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
1.1%
CVE-2025-48369 MEDIUM POC This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48366 MEDIUM This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48075 HIGH POC PATCH This Month

Fiber is an Express-inspired web framework written in Go. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fiber Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2025-48066 MEDIUM PATCH This Month

wire-webapp is the web application for the open-source messaging service Wire. Rated medium severity (CVSS 6.0).

Information Disclosure Wire Webapp
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-30173 MEDIUM This Month

File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2025-30172 HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
8.9
EPSS
1.3%
CVE-2025-30171 HIGH This Month

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-30170 MEDIUM This Month

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised.08.03; NEXUS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2025-30169 MEDIUM This Month

File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2025-2410 HIGH This Month

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised.08.03; NEXUS Series: through. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-2409 HIGH This Month

File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2024-9639 HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
7.5
EPSS
1.3%
CVE-2024-52874 HIGH This Month

In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Netmri
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-13931 HIGH This Month

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-13930 MEDIUM This Month

An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised08.03; NEXUS Series: through. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-13929 HIGH This Month

Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
7.5
EPSS
1.7%
CVE-2024-13928 HIGH This Month

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SQLi
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-48061 MEDIUM This Month

wire-webapp is the web application for the open-source messaging service Wire. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-47780 MEDIUM POC Monitor

Asterisk is an open-source private branch exchange (PBX). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Command Injection Asterisk Certified Asterisk
NVD GitHub
CVSS 4.0
4.8
EPSS
0.6%
CVE-2025-47779 HIGH POC This Month

Asterisk is an open-source private branch exchange (PBX). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-46716 MEDIUM POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46715 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Memory Corruption Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-45472 HIGH This Month

Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Autodeploy Layer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-43596 HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-48850 HIGH This Month

Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2025-5081 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cybercafe Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4366 HIGH PATCH This Month

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling Authentication Bypass Pingora Cloudflare
NVD GitHub
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-45468 HIGH This Month

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fc Stable Diffusion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2506 MEDIUM This Month

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy