Skip to main content
CVE-2025-51052 MEDIUM POC This Month

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vedo Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51054 MEDIUM POC This Month

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vedo Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32430 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 4.0
6.5
EPSS
0.1%
CVE-2025-51058 MEDIUM POC This Month

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Vedo Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51057 MEDIUM POC This Month

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Vedo Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51053 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Vedo Suite
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54630 MEDIUM This Month

:Vulnerability of insufficient data length verification in the DFA module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-54617 MEDIUM This Month

Stack-based buffer overflow vulnerability in the dms_fwk module. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-54632 MEDIUM This Month

Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-54631 MEDIUM This Month

Vulnerability of insufficient data length verification in the partition module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54633 MEDIUM This Month

Out-of-bounds read vulnerability in the register configuration of the DMA module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54629 MEDIUM This Month

Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54644 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-55398 MEDIUM This Month

4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Exonaut
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-55399 MEDIUM This Month

4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Exonaut
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6986 MEDIUM This Month

The FileBird - WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7399 MEDIUM This Month

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6690 MEDIUM This Month

The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6256 MEDIUM This Month

The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7502 MEDIUM This Month

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Page Builder PHP WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-21017 MEDIUM This Month

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54614 MEDIUM This Month

Input verification vulnerability in the home screen module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-54615 MEDIUM This Month

Vulnerability of insufficient information protection in the media library module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-54608 MEDIUM This Month

Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-54635 MEDIUM This Month

Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-7376 MEDIUM This Month

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54613 MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54612 MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-21020 MEDIUM This Month

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-54618 MEDIUM This Month

Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-54620 MEDIUM This Month

Deserialization vulnerability of untrusted data in the ability module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54638 MEDIUM This Month

Issue of inconsistent read/write serialization in the ad module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21019 MEDIUM This Month

Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54610 MEDIUM This Month

Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54609 MEDIUM This Month

Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54648 MEDIUM This Month

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54647 MEDIUM This Month

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8620 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-55402 MEDIUM This Month

4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Exonaut
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54619 MEDIUM This Month

Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54646 MEDIUM This Month

Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-54645 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the location service module. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-54651 MEDIUM This Month

Race condition vulnerability in the kernel hufs module. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-54649 MEDIUM This Month

Vulnerability of using incompatible types to access resources in the location service. Rated medium severity (CVSS 4.5). No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-21018 MEDIUM This Month

Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Blockchain Keystore
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54636 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54637 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54650 MEDIUM This Month

Improper array index verification vulnerability in the audio codec module. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-54616 MEDIUM This Month

Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-6632 MEDIUM This Month

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure 3ds Max
NVD
CVSS 3.1
5.3
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy