Skip to main content
CVE-2025-46206 MEDIUM POC This Month

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50420 MEDIUM POC PATCH This Month

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55014 MEDIUM This Month

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-8530 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eladmin
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-54554 MEDIUM This Month

tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-4604 MEDIUM PATCH This Month

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-8525 MEDIUM POC This Month

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Xboot Spring
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-50340 MEDIUM Monitor

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-45183 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow Exynos 2100 Firmware Exynos 2200 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-44962 MEDIUM This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-44958 MEDIUM This Month

RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. Rated medium severity (CVSS 5.3). No vendor patch available.

Information Disclosure Ruckus Network Director
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8516 MEDIUM This Month

A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2.getFileUploadService.deleteFileAction of the file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-5988 MEDIUM PATCH This Month

A flaw was found in the Ansible aap-gateway. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-30098 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30097 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30096 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36605 MEDIUM This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure XSS Unity Operating Environment
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-0932 MEDIUM Monitor

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free 5th Gen Gpu Architecture Userspace Driver Bifrost Gpu Userspace Driver +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8341 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana SSRF Red Hat Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-41658 MEDIUM CISA This Month

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48499 MEDIUM This Month

Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-54962 MEDIUM This Month

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-20698 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20697 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20696 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy