Skip to main content
CVE-2025-38682 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2c_unregister_device() Before commit df6d7277e552 ("i2c: core: Do not dereference fwnode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23302 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23301 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23262 MEDIUM This Month

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-23261 MEDIUM This Month

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nvidia
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23259 MEDIUM PATCH This Month

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Race Condition Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-23258 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23257 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23256 HIGH This Month

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-8311 CRITICAL POC Act Now

dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SQLi
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
1.5%
CVE-2025-6785 MEDIUM Monitor

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
4.7
EPSS
0.0%
CVE-2025-2694 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-2667 LOW Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-25048 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Jazz Foundation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-43184 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz Foundation
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57263 HIGH POC This Month

An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Vx Guestbook
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-7388 HIGH This Month

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Java
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-41063 MEDIUM Monitor

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-41062 MEDIUM Monitor

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-41061 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41060 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41059 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41058 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41057 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41051 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41050 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41049 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41048 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41047 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41046 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41045 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41044 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41043 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41042 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41041 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41040 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41039 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41038 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41037 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]'. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41036 MEDIUM This Month

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apprain
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-41035 HIGH This Month

A problem has been discovered in appRain CMF 4.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apprain
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41034 HIGH This Month

An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apprain
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41033 HIGH This Month

An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apprain
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41032 HIGH This Month

An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apprain
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-34598 HIGH This Month

Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Good Lock
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-9519 HIGH This Month

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-9518 HIGH This Month

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-9517 HIGH This Month

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-9516 MEDIUM Monitor

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-9467 MEDIUM PATCH This Month

When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.1%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy