Skip to main content
CVE-2025-55731 MEDIUM PATCH This Month

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Frappe
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-36114 MEDIUM PATCH This Month

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Soar Qradar Plugin App
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1142 MEDIUM This Month

IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Edge Application Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1139 MEDIUM This Month

IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Edge Application Manager
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55499 MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54927 MEDIUM Monitor

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys

Authentication Bypass Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54175 MEDIUM Monitor

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Cms Ext
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-54174 MEDIUM This Month

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quick Cms
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54172 MEDIUM Monitor

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Cms
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-4437 MEDIUM This Month

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-43750 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-43749 MEDIUM This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-8102 MEDIUM This Month

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7777 MEDIUM This Month

The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43742 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-43741 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-57734 MEDIUM Monitor

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57733 MEDIUM This Month

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-57730 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

XSS Intellij Idea
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-57729 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start. Rated medium severity (CVSS 6.5). No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57728 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellij Idea
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57727 MEDIUM Monitor

In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9229 MEDIUM This Month

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-9228 MEDIUM Monitor

MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-39954 MEDIUM This Month

java on windows\linux\mac os e.g. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft SSRF Eventmesh Windows +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-9225 MEDIUM This Month

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9202 MEDIUM Monitor

The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8618 MEDIUM This Month

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-55706 MEDIUM This Month

URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54551 MEDIUM This Month

Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-53522 MEDIUM This Month

Movable Type contains an issue with use of less trusted source. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54364 MEDIUM This Month

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-54363 MEDIUM This Month

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy