Skip to main content
CVE-2025-20135 MEDIUM Monitor

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54409 MEDIUM POC PATCH This Month

AIDE is an advanced intrusion detection environment. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Advanced Intrusion Detection Environment Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-53631 MEDIUM This Month

flaskBlog is a blog app built with Flask. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python XSS Flaskblog
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-36612 MEDIUM This Month

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Supportassist For Business Pcs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-27847 MEDIUM Monitor

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27846 MEDIUM Monitor

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26484 MEDIUM This Month

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service XXE Cloudlink D-Link
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-55675 MEDIUM PATCH This Month

Apache Superset contains an improper access control vulnerability in its /explore endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Apache Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55674 MEDIUM PATCH This Month

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55673 MEDIUM PATCH This Month

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-55672 MEDIUM PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-8963 MEDIUM POC This Month

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jimureport
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-7761 MEDIUM This Month

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-5998 MEDIUM POC This Week

The PPWP - Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Password Protect Wordpress PHP
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48861 MEDIUM This Month

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8046 MEDIUM POC This Month

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Injection Guard PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7808 MEDIUM POC This Month

The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS External Store For Shopify PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-6790 MEDIUM Monitor

The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3414 MEDIUM This Month

The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5942 MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-0309 MEDIUM This Month

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-55199 MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kubernetes Helm Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55198 MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Kubernetes Helm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy