Skip to main content
CVE-2025-6095 MEDIUM POC THREAT This Month

A SQL injection vulnerability (CVSS 7.3). Risk factors: EPSS 28% exploitation probability, public PoC available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
28.2%
CVE-2024-25573 MEDIUM This Month

Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.

XSS
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-22854 MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-5964 MEDIUM PATCH This Month

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.

Path Traversal M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6093 MEDIUM This Month

A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The manipulation of the argument num leads to stack-based buffer overflow. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36041 MEDIUM This Month

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Information Disclosure IBM Supplied Mq Advanced Container Images Mq Operator
NVD
CVSS 3.1
4.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy