Skip to main content
CVE-2025-30263 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Qsync Central
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30262 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Qsync Central
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30261 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qsync Central
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30260 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qsync Central
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29900 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29899 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29898 MEDIUM This Month

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qsync Central
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2025-29894 HIGH This Month

An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsync Central
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-29893 HIGH This Month

An SQL injection vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsync Central
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-29890 HIGH This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29889 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-29888 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-29887 HIGH This Month

A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-29886 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-29882 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-55579 MEDIUM POC This Month

SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solidinvoice
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-29879 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-29878 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-29875 HIGH This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-29874 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-22483 HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Qnap XSS License Center
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-12923 LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.

XSS Photo Station
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-55750 MEDIUM This Month

Gitpod is a developer platform for cloud development environments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55202 LOW PATCH Monitor

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Opencast
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-55177 MEDIUM KEV THREAT Act Now

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Authentication Bypass Apple Whatsapp Whatsapp Business iOS
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2025-54877 MEDIUM PATCH This Month

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47909 HIGH PATCH This Month

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-46916 HIGH POC This Week

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation Vynamic Security Suite Windows
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9654 MEDIUM PATCH This Month

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-55304 LOW POC PATCH Monitor

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 1.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Exiv2
NVD GitHub
CVSS 4.0
1.8
EPSS
0.0%
CVE-2025-54080 LOW PATCH Monitor

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 1.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Exiv2
NVD GitHub
CVSS 4.0
1.8
EPSS
0.0%
CVE-2025-40708 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40707 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40706 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40705 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40704 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40703 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-40702 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-9217 MEDIUM This Month

The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13342 HIGH PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Booster For Woocommerce
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-9071 LOW Monitor

Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-7383 MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-7071 MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-4644 MEDIUM PATCH This Month

A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4643 MEDIUM PATCH This Month

Payload uses JSON Web Tokens (JWT) for authentication. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-8150 MEDIUM This Month

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-13987 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-54777 MEDIUM This Month

Uncaught exception issue exists in Multiple products in bizhub series. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-9441 MEDIUM This Month

The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9374 MEDIUM Monitor

The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy