Skip to main content
CVE-2025-50740 MEDIUM This Month

AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-46660 MEDIUM This Month

An issue was discovered in 4C Strategies Exonaut 21.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Exonaut
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8419 MEDIUM PATCH This Month

A vulnerability was found in Keycloak-services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Keycloak Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20332 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20331 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-20215 MEDIUM This Month

A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51531 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-48394 MEDIUM Monitor

An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-48393 MEDIUM This Month

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-51308 MEDIUM POC This Month

In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gatling
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-51306 MEDIUM POC This Week

In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gatling
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50234 MEDIUM POC This Week

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Microsoft SSRF Privilege Escalation +3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50233 MEDIUM POC This Week

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Qcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36020 MEDIUM This Month

IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Guardium Data Protection
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-2028 MEDIUM This Month

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Log Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-52885 MEDIUM This Month

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile Access Remote Access Vpn
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-8616 MEDIUM This Month

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-23335 MEDIUM Monitor

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Nvidia Microsoft Integer Overflow Triton Inference Server +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-23334 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23333 MEDIUM This Month

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Buffer Overflow Microsoft Python Information Disclosure +2
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-5197 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Tensorflow AI / ML Pytorch +3
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-46391 MEDIUM This Month

CWE-284: Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46389 MEDIUM This Month

CWE-620: Unverified Password Change. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46388 MEDIUM Monitor

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6013 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22469 MEDIUM This Month

OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-7202 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-7954 MEDIUM POC This Month

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Race Condition Shopware
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-27072 MEDIUM This Month

Information disclosure while processing a packet at EAVB BE side with invalid header length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware +33
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21472 MEDIUM This Month

Information disclosure while capturing logs as eSE debug messages are logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca9367 Firmware Qca9377 Firmware +8
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21465 MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +344
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21464 MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +337
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21457 MEDIUM PATCH This Month

Information disclosure while opening a fastrpc session when domain is not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 7800 Firmware Qca6584au Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7727 MEDIUM This Month

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-21021 MEDIUM This Month

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-21016 MEDIUM Monitor

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21015 MEDIUM Monitor

Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-21014 MEDIUM Monitor

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21013 MEDIUM This Month

Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21012 MEDIUM This Month

Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21011 MEDIUM This Month

Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21010 MEDIUM This Month

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20990 MEDIUM Monitor

Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-8100 MEDIUM PATCH This Month

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in versions up to, and including, 8.1.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7498 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Exclusive Addons For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-54643 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54642 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54641 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54640 MEDIUM This Month

ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54639 MEDIUM This Month

ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy