Skip to main content
CVE-2025-32815 MEDIUM POC THREAT This Month

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 33.5% and no vendor patch available.

Authentication Bypass Netmri
NVD
CVSS 3.1
6.5
EPSS
33.5%
CVE-2025-5076 MEDIUM POC This Month

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5075 MEDIUM POC This Month

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5074 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-48368 MEDIUM POC This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
5.8
EPSS
0.2%
CVE-2025-5079 MEDIUM POC This Month

A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-5078 MEDIUM POC This Month

A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2024-13953 MEDIUM This Month

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3938 MEDIUM This Month

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-48373 MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2025-48372 MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2025-3111 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Kubernetes Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-2853 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-3936 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4575 MEDIUM PATCH This Month

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13951 MEDIUM This Month

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.2%
CVE-2025-3941 MEDIUM This Month

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-33138 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3940 MEDIUM This Month

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation.14.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3939 MEDIUM This Month

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis.14.2, before 4.15.1,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13954 MEDIUM This Month

Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-4979 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13958 MEDIUM This Month

Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-3942 MEDIUM This Month

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4338 MEDIUM This Month

Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48371 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-4975 MEDIUM Monitor

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-48374 MEDIUM PATCH This Month

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-5962 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Identity Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7487 MEDIUM This Month

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Identity Server
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-7103 MEDIUM Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-13950 MEDIUM This Month

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.*; NEXUS Series: through 3.*; MATRIX Series:. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13949 MEDIUM This Month

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13948 MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48369 MEDIUM POC This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48366 MEDIUM This Month

Group-Office is an enterprise customer relationship management and groupware tool. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Group Office
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48066 MEDIUM PATCH This Month

wire-webapp is the web application for the open-source messaging service Wire. Rated medium severity (CVSS 6.0).

Information Disclosure Wire Webapp
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-30173 MEDIUM This Month

File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2025-30170 MEDIUM This Month

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised.08.03; NEXUS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2025-30169 MEDIUM This Month

File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-13930 MEDIUM This Month

An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised08.03; NEXUS Series: through. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2025-48061 MEDIUM This Month

wire-webapp is the web application for the open-source messaging service Wire. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-47780 MEDIUM POC Monitor

Asterisk is an open-source private branch exchange (PBX). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Command Injection Asterisk Certified Asterisk
NVD GitHub
CVSS 4.0
4.8
EPSS
0.6%
CVE-2025-46716 MEDIUM POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5081 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cybercafe Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2506 MEDIUM This Month

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-23183 MEDIUM This Month

CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-23182 MEDIUM Monitor

CWE-203: Observable Discrepancy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32915 MEDIUM Monitor

Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
4.3
EPSS
0.1%
CVE-2025-0679 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy