Skip to main content
CVE-2025-1139 MEDIUM This Month

IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Edge Application Manager
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-57491 HIGH This Month

Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-9074 CRITICAL POC Act Now

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Microsoft Information Disclosure Windows
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-8448 LOW Monitor

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS netwo

Authentication Bypass Information Disclosure
NVD
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-55503 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55499 MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55483 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54927 MEDIUM Monitor

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys

Authentication Bypass Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54926 HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-54925 HIGH This Month

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

Authentication Bypass Information Disclosure SSRF
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54924 HIGH This Month

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.

Authentication Bypass Information Disclosure SSRF
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54923 HIGH This Month

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

RCE Deserialization
NVD
CVSS 4.0
8.7
EPSS
1.4%
CVE-2025-50503 HIGH This Month

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32010 HIGH This Month

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda Buffer Overflow Stack Overflow RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2025-31355 HIGH This Month

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-30256 HIGH This Month

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda Ac6 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-27129 CRITICAL This Week

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24496 HIGH This Month

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Information Disclosure Ac6 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-24322 HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8453 HIGH This Month

arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-54175 MEDIUM Monitor

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Cms Ext
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-54174 MEDIUM This Month

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quick Cms
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54172 MEDIUM Monitor

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Cms
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-4437 MEDIUM This Month

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-43750 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-43749 MEDIUM This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-8102 MEDIUM This Month

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7777 MEDIUM This Month

The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-43742 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-43741 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

PHP File Upload
NVD
CVE-2025-57734 MEDIUM Monitor

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57733 MEDIUM This Month

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-57732 HIGH This Month

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-57731 HIGH This Month

In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-57730 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

XSS Intellij Idea
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-57729 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start. Rated medium severity (CVSS 6.5). No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57728 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intellij Idea
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57727 MEDIUM Monitor

In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9229 MEDIUM This Month

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-9228 MEDIUM Monitor

MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-39954 MEDIUM This Month

java on windows\linux\mac os e.g. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft SSRF Eventmesh Windows +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-9225 MEDIUM This Month

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9202 MEDIUM Monitor

The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8618 MEDIUM This Month

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-55706 MEDIUM This Month

URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54551 MEDIUM This Month

Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-53522 MEDIUM This Month

Movable Type contains an issue with use of less trusted source. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy