Skip to main content
CVE-2025-27706 MEDIUM Monitor

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-27702 MEDIUM This Month

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secure Access
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5256 MEDIUM PATCH This Month

SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-48747 MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Directory Manager
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-47748 MEDIUM This Month

Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Directory Manager
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-32803 MEDIUM PATCH Monitor

In some cases, Kea log files or lease files may be world-readable.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-1461 MEDIUM This Month

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub HeroDevs
CVSS 3.1
5.6
EPSS
0.2%
CVE-2024-57338 MEDIUM This Month

An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-57337 MEDIUM This Month

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-57336 MEDIUM This Month

Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-47057 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-47055 MEDIUM PATCH Monitor

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Mautic
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-5257 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-48929 MEDIUM Monitor

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-48928 MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.0
EPSS
8.3%
CVE-2025-48927 MEDIUM KEV THREAT Act Now

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Information Disclosure Java Telemessage
NVD
CVSS 3.1
5.3
EPSS
7.6%
CVE-2025-48926 MEDIUM Monitor

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-48925 MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-48746 MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Directory Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36572 MEDIUM This Month

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerstoreos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32802 MEDIUM PATCH This Month

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-47056 MEDIUM PATCH This Month

SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nginx Apache Information Disclosure
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-51453 MEDIUM Monitor

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling Secure Proxy
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-38341 MEDIUM This Month

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-40651 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-4493 MEDIUM This Month

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.1.3.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5299 MEDIUM POC This Week

A vulnerability was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5298 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB Exploit-DB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5297 MEDIUM POC Monitor

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0.c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Simple Computer Store System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5295 MEDIUM POC This Week

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-40673 MEDIUM This Month

A Missing Authorization vulnerability has been found in DinoRANK. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4963 MEDIUM This Month

The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-5082 MEDIUM This Month

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-47294 MEDIUM This Month

A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fortinet Fortios
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-27526 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-27522 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache InLong.13.0 through 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-5025 MEDIUM POC PATCH Monitor

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-4947 MEDIUM POC PATCH This Week

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25029 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25026 MEDIUM Monitor

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25025 MEDIUM Monitor

IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy