Skip to main content
CVE-2025-50434 MEDIUM POC This Month

A security issue has been identified in Appian Enterprise Business Process Management version 25.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-43738 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-51510 MEDIUM POC Monitor

MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Moonshine
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-51489 MEDIUM POC PATCH This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moonshine
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51488 MEDIUM POC PATCH Monitor

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moonshine
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-51487 MEDIUM POC PATCH Monitor

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moonshine
NVD GitHub
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-50897 MEDIUM POC Monitor

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Boomv
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-50579 MEDIUM This Month

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Proxy Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54336 CRITICAL This Week

In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-50461 MEDIUM This Month

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Deserialization RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4690 MEDIUM Monitor

A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-4046 HIGH This Month

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-4044 HIGH This Month

Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Windows
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-43739 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-45062 MEDIUM POC This Month

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Ippusbxd Firmware
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-43740 MEDIUM Monitor

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7,. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-9136 MEDIUM PATCH Monitor

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Retroarch Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8783 MEDIUM Monitor

The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-8567 MEDIUM This Month

The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-41689 HIGH This Month

An unauthenticated remote attacker can get access without password protection to the affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-41685 MEDIUM This Month

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8723 CRITICAL This Week

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Code Injection RCE PHP Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2025-8622 MEDIUM This Month

The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7670 HIGH This Month

The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-7654 HIGH This Month

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-38553 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Linux Linux Kernel Debian Linux Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-7496 MEDIUM This Month

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy