Skip to main content
CVE-2025-8752 MEDIUM POC This Month

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-8773 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8758 MEDIUM This Month

A vulnerability was found in TRENDnet TEW-822DRE FW103B02. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-8757 MEDIUM This Month

A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-8744 MEDIUM This Month

A vulnerability classified as critical was found in CesiumLab Web up to 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2022-50233 MEDIUM PATCH This Month

{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54998 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-4655 MEDIUM PATCH This Month

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-8763 MEDIUM This Month

A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2024-58238 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8755 MEDIUM POC This Month

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic.java of the component com.macro.mall.portal.controller. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Mall
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7726 MEDIUM This Month

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7020 MEDIUM This Month

An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-4581 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55149 MEDIUM This Month

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research-from ideation to implementation, writing, and review. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-55013 MEDIUM PATCH Monitor

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-55006 MEDIUM Monitor

Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Learning
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-55003 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-55001 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55000 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55152 MEDIUM This Month

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54417 MEDIUM PATCH This Month

Craft is a platform for creating digital experiences. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Craft Cms
NVD GitHub
CVSS 4.0
5.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy