186 CVEs tracked today. 16 Critical, 37 High, 117 Medium, 3 Low.
-
CVE-2025-55736
CRITICAL
CVSS 9.3
flaskBlog is a blog app built with Flask. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Python
Information Disclosure
Flaskblog
-
CVE-2025-55733
CRITICAL
CVSS 9.6
DeepChat is a smart assistant that connects powerful AI to your personal world. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
RCE
Code Injection
Deepchat
-
CVE-2025-51543
CRITICAL
CVSS 9.8
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
-
CVE-2025-6758
CRITICAL
CVSS 9.8
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Privilege Escalation
PHP
-
CVE-2025-55306
CRITICAL
CVSS 9.8
GenX_FX is an advance IA trading platform that will focus on forex trading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Google
-
CVE-2025-55294
CRITICAL
CVSS 9.8
screenshot-desktop allows capturing a screenshot of your local machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-55031
CRITICAL
CVSS 9.8
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Open Redirect
Mozilla
Firefox
Firefox Focus
-
CVE-2025-54336
CRITICAL
CVSS 9.8
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
Information Disclosure
-
CVE-2025-54145
CRITICAL
CVSS 9.1
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Open Redirect
Mozilla
Firefox
iOS
-
CVE-2025-54143
CRITICAL
CVSS 9.8
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Apple
Mozilla
Firefox
iOS
-
CVE-2025-50567
CRITICAL
CVSS 10.0
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
RCE
SQLi
-
CVE-2025-9187
CRITICAL
CVSS 9.8
Memory safety bugs present in Firefox 141 and Thunderbird 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
RCE
Mozilla
Firefox
Thunderbird
-
CVE-2025-9179
CRITICAL
CVSS 9.8
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2025-8723
CRITICAL
CVSS 9.8
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Code Injection
RCE
PHP
Authentication Bypass
-
CVE-2025-8042
CRITICAL
CVSS 9.8
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Information Disclosure
Mozilla
Firefox
Android
-
CVE-2024-44373
CRITICAL
CVSS 9.8
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
Path Traversal
RCE
-
CVE-2025-55029
HIGH
CVSS 7.5
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Apple
Mozilla
Firefox
iOS
-
CVE-2025-52478
HIGH
CVSS 8.7
n8n is a workflow automation platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XSS
N8n
-
CVE-2025-50891
HIGH
CVSS 7.2
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
XSS
-
CVE-2025-41689
HIGH
CVSS 7.5
An unauthenticated remote attacker can get access without password protection to the affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-38599
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-38598
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38596
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38595
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38594
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38593
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38592
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Linux
Buffer Overflow
Google
Information Disclosure
Linux Kernel
-
CVE-2025-38585
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Intel
Linux
Memory Corruption
Buffer Overflow
RCE
-
CVE-2025-38584
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38582
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38580
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption
Denial Of Service
Use After Free
Linux
Linux Kernel
-
CVE-2025-38579
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38574
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38572
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Buffer Overflow
Google
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38570
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38568
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Redhat
-
CVE-2025-38566
HIGH
CVSS 7.5
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38565
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38563
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38556
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-38555
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38554
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Linux
Memory Corruption
Google
Use After Free
Information Disclosure
-
CVE-2025-9185
HIGH
CVSS 8.1
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Buffer Overflow
RCE
Mozilla
Firefox
Thunderbird
-
CVE-2025-9184
HIGH
CVSS 8.1
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Buffer Overflow
RCE
Mozilla
Firefox
Thunderbird
-
CVE-2025-9182
HIGH
CVSS 7.5
Denial-of-service due to out-of-memory in the Graphics: WebRender component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2025-9180
HIGH
CVSS 8.1
Same-origin policy bypass in the Graphics: Canvas2D component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2025-9146
HIGH
CVSS 7.5
A flaw has been found in Linksys E5600 1.1.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Linksys
Information Disclosure
E5600 Firmware
-
CVE-2025-8450
HIGH
CVSS 8.2
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-8218
HIGH
CVSS 8.8
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Privilege Escalation
PHP
-
CVE-2025-7670
HIGH
CVSS 7.5
The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
SQLi
PHP
-
CVE-2025-7654
HIGH
CVSS 8.8
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Privilege Escalation
Information Disclosure
PHP
-
CVE-2025-4046
HIGH
CVSS 8.5
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
Authentication Bypass
-
CVE-2025-4044
HIGH
CVSS 8.2
Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
XXE
Microsoft
Windows
-
CVE-2025-55740
MEDIUM
CVSS 6.5
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Docker
Nginx
-
CVE-2025-55737
MEDIUM
CVSS 6.9
flaskBlog is a blog app built with Flask. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Python
Flaskblog
-
CVE-2025-55735
MEDIUM
CVSS 5.3
flaskBlog is a blog app built with Flask. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Python
XSS
Flaskblog
-
CVE-2025-55734
MEDIUM
CVSS 6.9
flaskBlog is a blog app built with Flask. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Python
Information Disclosure
Flaskblog
-
CVE-2025-55303
MEDIUM
CVSS 6.9
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XSS
Astro
-
CVE-2025-55295
MEDIUM
CVSS 6.5
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Redhat
-
CVE-2025-55033
MEDIUM
CVSS 6.1
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
XSS
Firefox Focus
iOS
-
CVE-2025-55032
MEDIUM
CVSS 6.1
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Open Redirect
XSS
Firefox Focus
iOS
-
CVE-2025-55030
MEDIUM
CVSS 6.1
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Apple
Mozilla
Firefox
iOS
-
CVE-2025-55028
MEDIUM
CVSS 6.5
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Apple
Mozilla
Firefox
iOS
-
CVE-2025-54881
MEDIUM
CVSS 5.3
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Suse
-
CVE-2025-54880
MEDIUM
CVSS 5.1
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Mermaid
Suse
-
CVE-2025-54144
MEDIUM
CVSS 5.4
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Open Redirect
Mozilla
Firefox
iOS
-
CVE-2025-52338
MEDIUM
CVSS 5.3
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-52337
MEDIUM
CVSS 6.5
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
File Upload
RCE
-
CVE-2025-51540
MEDIUM
CVSS 5.3
EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-51539
MEDIUM
CVSS 5.3
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
PHP
Path Traversal
Ezged3
-
CVE-2025-51529
MEDIUM
CVSS 5.3
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Denial Of Service
Cookies And Content Security Policy
-
CVE-2025-51510
MEDIUM
CVSS 4.9
MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Moonshine
-
CVE-2025-51506
MEDIUM
CVSS 6.5
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
Hrforecast Suite
-
CVE-2025-51489
MEDIUM
CVSS 5.4
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Moonshine
-
CVE-2025-51488
MEDIUM
CVSS 4.9
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Moonshine
-
CVE-2025-51487
MEDIUM
CVSS 4.5
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Moonshine
-
CVE-2025-50938
MEDIUM
CVSS 6.1
Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Hustoj
-
CVE-2025-50926
MEDIUM
CVSS 6.5
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Easy Hosting Control Panel
-
CVE-2025-50897
MEDIUM
CVSS 4.3
A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Denial Of Service
Boomv
-
CVE-2025-50579
MEDIUM
CVSS 5.3
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nginx
Information Disclosure
Nginx Proxy Manager
-
CVE-2025-50461
MEDIUM
CVSS 6.5
A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
Deserialization
RCE
-
CVE-2025-50434
MEDIUM
CVSS 5.3
A security issue has been identified in Appian Enterprise Business Process Management version 25.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
-
CVE-2025-43745
MEDIUM
CVSS 6.9
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13,. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CSRF
Digital Experience Platform
Liferay Portal
-
CVE-2025-43744
MEDIUM
CVSS 5.1
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-43743
MEDIUM
CVSS 5.3
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Digital Experience Platform
Liferay Portal
-
CVE-2025-43740
MEDIUM
CVSS 4.6
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7,. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-43739
MEDIUM
CVSS 5.3
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Digital Experience Platform
Liferay Portal
-
CVE-2025-43738
MEDIUM
CVSS 5.1
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-43737
MEDIUM
CVSS 5.1
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-41685
MEDIUM
CVSS 6.5
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-38615
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38614
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38613
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38612
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38610
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38609
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38608
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38607
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38606
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Redhat
-
CVE-2025-38605
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Redhat
-
CVE-2025-38604
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38602
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38601
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38600
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38597
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Microsoft
Linux
Linux Kernel
-
CVE-2025-38591
MEDIUM
CVSS 5.5
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows unprivileged local users to trigger a kernel warning and denial of service by performing narrower-than-expected memory access to pointer context fields. The flaw exists in how the verifier handles pointer field access validation in context structures like __sk_buff, where it incorrectly permits sub-byte or misaligned reads that should be rejected. An attacker with local user privileges can craft a malicious BPF program that causes the kernel to emit a verifier warning ("verifier bug: error during ctx access conversion") and potentially crash or destabilize the system, affecting all Linux kernel versions prior to the patched releases.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2025-38590
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Denial Of Service
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38589
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Canonical
Debian
Linux
Denial Of Service
-
CVE-2025-38588
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38587
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38586
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Redhat
-
CVE-2025-38583
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38581
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Amd
Linux
Linux Kernel
-
CVE-2025-38578
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Linux
Memory Corruption
Google
Use After Free
Denial Of Service
-
CVE-2025-38577
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Linux
Memory Corruption
Google
Use After Free
Information Disclosure
-
CVE-2025-38576
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38573
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38571
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38569
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38567
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call. Rated medium severity (CVSS 4.7).
Linux
Information Disclosure
Race Condition
Linux Kernel
Redhat
-
CVE-2025-38564
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38562
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38561
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition. Rated medium severity (CVSS 4.7).
Linux
Information Disclosure
Race Condition
Linux Kernel
Debian Linux
-
CVE-2025-38560
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38559
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Intel
Linux Kernel
-
CVE-2025-38558
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Qualcomm
Linux
Linux Kernel
-
CVE-2025-38557
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Null Pointer Dereference
Canonical
Debian
Linux
Apple
-
CVE-2025-38553
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Authentication Bypass
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-33008
MEDIUM
CVSS 5.4
IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM
XSS
Sterling B2b Integrator
Sterling File Gateway
-
CVE-2025-31988
MEDIUM
CVSS 4.9
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Digital Experience
-
CVE-2025-9186
MEDIUM
CVSS 6.5
Spoofing issue in the Address Bar component of Firefox Focus for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Information Disclosure
Mozilla
Firefox
Android
-
CVE-2025-9183
MEDIUM
CVSS 6.5
Spoofing issue in the Address Bar component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Mozilla
Firefox
Redhat
Suse
-
CVE-2025-9181
MEDIUM
CVSS 6.5
Uninitialized memory in the JavaScript Engine component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2025-9175
MEDIUM
CVSS 4.8
A vulnerability was identified in neurobin shc up to 4.0.3.c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Shc
-
CVE-2025-9174
MEDIUM
CVSS 4.8
A vulnerability was determined in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Command Injection
Shc
-
CVE-2025-9171
MEDIUM
CVSS 5.1
A security flaw has been discovered in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-9170
MEDIUM
CVSS 5.1
A vulnerability was identified in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-9169
MEDIUM
CVSS 5.1
A vulnerability was determined in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-9168
MEDIUM
CVSS 5.1
A vulnerability was found in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-9167
MEDIUM
CVSS 5.1
A vulnerability has been found in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Solidinvoice
-
CVE-2025-9157
MEDIUM
CVSS 4.8
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Buffer Overflow
Suse
-
CVE-2025-9156
MEDIUM
CVSS 6.9
A vulnerability was found in itsourcecode Sports Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Sports Management System
-
CVE-2025-9155
MEDIUM
CVSS 6.9
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Online Tour Travel Management System
-
CVE-2025-9154
MEDIUM
CVSS 6.9
A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Online Tour Travel Management System
-
CVE-2025-9153
MEDIUM
CVSS 5.3
A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
PHP
File Upload
Online Tour Travel Management System
-
CVE-2025-9151
MEDIUM
CVSS 5.3
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
-
CVE-2025-9150
MEDIUM
CVSS 6.9
A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
SQLi
-
CVE-2025-9149
MEDIUM
CVSS 5.3
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Wl Nu516u1 Firmware
-
CVE-2025-9148
MEDIUM
CVSS 5.3
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Java
SQLi
-
CVE-2025-9147
MEDIUM
CVSS 5.1
A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Getsemantic
-
CVE-2025-9145
MEDIUM
CVSS 5.1
A security vulnerability has been detected in Scada-LTS 2.7.8.1.shtm of the component SVG File Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Scada Lts
-
CVE-2025-9144
MEDIUM
CVSS 5.1
A weakness has been identified in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Scada Lts
-
CVE-2025-9143
MEDIUM
CVSS 5.1
A security flaw has been discovered in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Scada Lts
-
CVE-2025-9140
MEDIUM
CVSS 5.3
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Lingdang Crm
-
CVE-2025-9139
MEDIUM
CVSS 5.3
A vulnerability was determined in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Scada Lts
-
CVE-2025-9138
MEDIUM
CVSS 5.1
A vulnerability was found in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Scada Lts
-
CVE-2025-9137
MEDIUM
CVSS 5.1
A vulnerability has been found in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Scada Lts
-
CVE-2025-9136
MEDIUM
CVSS 4.8
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Buffer Overflow
Retroarch
Suse
-
CVE-2025-9135
MEDIUM
CVSS 4.8
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Smartride
Android
-
CVE-2025-9134
MEDIUM
CVSS 4.8
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Google
Information Disclosure
Aftership Package Tracker
Android
-
CVE-2025-8783
MEDIUM
CVSS 4.4
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8622
MEDIUM
CVSS 6.4
The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8567
MEDIUM
CVSS 6.4
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8364
MEDIUM
CVSS 4.3
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Information Disclosure
Mozilla
Firefox
Android
-
CVE-2025-8357
MEDIUM
CVSS 4.3
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
PHP
-
CVE-2025-8041
MEDIUM
CVSS 5.3
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Information Disclosure
Mozilla
Firefox
Android
-
CVE-2025-7496
MEDIUM
CVSS 6.4
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-5417
MEDIUM
CVSS 6.1
An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Redhat
Information Disclosure
-
CVE-2025-4690
MEDIUM
CVSS 4.3
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2024-45062
MEDIUM
CVSS 6.4
A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
Buffer Overflow
Stack Overflow
RCE
Ippusbxd Firmware
-
CVE-2025-57725
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57724
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57723
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57722
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57721
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57720
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57719
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57718
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-57717
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-55153
None
Rejected reason: This CVE is a duplicate of another CVE. No vendor patch available.
Information Disclosure
-
CVE-2025-54411
LOW
CVSS 2.4
Discourse is an open-source discussion platform. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XSS
Discourse
-
CVE-2025-38611
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-38603
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-9165
LOW
CVSS 2.0
A flaw has been found in LibTIFF 4.7.0. Rated low severity (CVSS 2.0). Public exploit code available.
Information Disclosure
Libtiff
-
CVE-2025-8782
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-2988
LOW
CVSS 2.7
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM
Information Disclosure
Sterling B2b Integrator
Sterling File Gateway