Skip to main content
CVE-2025-9865 MEDIUM PATCH This Month

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-58641 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-56435 MEDIUM This Month

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi Foxcms
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-21479 MEDIUM This Month

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Smart Suggestions Samsung
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58600 MEDIUM This Month

Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.15.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58210 MEDIUM This Month

Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58635 MEDIUM This Month

Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels.4.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58634 MEDIUM This Month

Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels.117.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58613 MEDIUM This Month

Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels.4.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58603 MEDIUM This Month

Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.6.4.574. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-21466 MEDIUM This Month

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58606 MEDIUM This Month

Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-0878 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS).02.14 before v1.02.17. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-21467 MEDIUM This Month

Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. Rated medium severity (CVSS 4.6). No vendor patch available.

Authentication Bypass Samsung Exynos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-58615 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery.10.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-58597 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58622 MEDIUM This Month

Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58617 MEDIUM This Month

Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58601 MEDIUM This Month

Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58599 MEDIUM This Month

Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58594 MEDIUM This Month

Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels.7.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3701 MEDIUM This Month

Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13066 MEDIUM This Month

Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.02.14 before v1.02.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-13064 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS).02.02 before v2.05.01. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58611 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery.5.5.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-21471 MEDIUM This Month

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-21026 MEDIUM This Month

Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-21470 MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-21469 MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-8268 MEDIUM This Month

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-56139 MEDIUM This Month

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linkedin Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-55162 MEDIUM POC PATCH This Month

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-20336 MEDIUM This Month

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Desk Phone 9841 Firmware Desk Phone 9851 Firmware Desk Phone 9861 Firmware +14
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20335 MEDIUM This Month

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Desk Phone 9841 Firmware Desk Phone 9851 Firmware Desk Phone 9861 Firmware +14
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20330 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20328 MEDIUM This Month

A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-20326 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20291 MEDIUM Monitor

A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20287 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco File Upload Evolved Programmable Network Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20280 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-20270 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9867 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-56689 MEDIUM POC Monitor

One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass One Identity
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-9823 MEDIUM PATCH Monitor

SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-58460 MEDIUM PATCH Monitor

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jenkins Opentelemetry
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-58459 MEDIUM PATCH Monitor

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Global Build Stats
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58458 MEDIUM PATCH Monitor

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git Client
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-56608 MEDIUM Monitor

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Android Corona Virus Tracker App For India Android
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-9822 MEDIUM PATCH This Month

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38678 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy