Skip to main content
CVE-2025-8838 MEDIUM POC This Month

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-38499 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55159 MEDIUM PATCH This Month

slab is a pre-allocated storage for a uniform data type. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-55158 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vim Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55157 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Vim Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54992 MEDIUM This Month

OpenKilda is an open-source OpenFlow controller. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-8285 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-54463 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-54458 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-53910 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-53514 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Denial Of Service Confluence Suse
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-51824 MEDIUM PATCH This Month

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libcsp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-51823 MEDIUM PATCH This Month

libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libcsp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48731 MEDIUM PATCH This Month

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-44001 MEDIUM PATCH Monitor

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Atlassian Confluence Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-25229 MEDIUM This Month

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8866 MEDIUM This Month

YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-8865 MEDIUM Monitor

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service Null Pointer Dereference Red Hat
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-8864 MEDIUM This Month

Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs. Rated medium severity (CVSS 6.8). No vendor patch available.

Information Disclosure Red Hat
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-8851 MEDIUM PATCH Monitor

A vulnerability was determined in LibTIFF up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtiff Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8672 MEDIUM PATCH Monitor

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Python Apple Privilege Escalation Gimp macOS +1
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8661 MEDIUM Monitor

A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Pgp Encryption
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-8660 MEDIUM This Month

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Symantec Pgp Encryption
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-7965 MEDIUM Monitor

The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy