Skip to main content
CVE-2025-58364 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Cups Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8570 CRITICAL Act Now

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59053 CRITICAL Act Now

AIRI is a self-hosted, artificial intelligence based Grok Companion. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-36222 HIGH This Week

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Storage Fusion Storage Fusion Hci Storage Fusion Hci For Watsonx
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-56556 LOW POC Monitor

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-39790 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39776 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39738 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes [BUG] There is an internal report that balance triggered transaction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39788 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Memory Corruption Buffer Overflow Google Samsung
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39783 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39766 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39743 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-8422 HIGH This Week

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the send_email() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9874 HIGH This Week

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-39756 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-40300 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39770 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM When performing Generic Segmentation Offload (GSO) on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39773 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39782 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Huawei Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48041 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-6088 LOW POC PATCH Monitor

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-39760 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39757 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39749 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within. Rated high severity (CVSS 7.0).

Information Disclosure Linux
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-39759 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48040 MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-9451 MEDIUM This Month

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9123 MEDIUM This Month

The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8689 MEDIUM This Month

The Elements Plus!. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8215 MEDIUM This Month

The Responsive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-9128 MEDIUM This Month

The eID Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.9.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10236 LOW POC Monitor

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10272 LOW POC Monitor

A vulnerability was determined in erjinzhi 10OA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10271 LOW POC Monitor

A vulnerability was found in erjinzhi 10OA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10251 LOW POC Monitor

A vulnerability was detected in FoxCMS up to 1.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10253 LOW POC Monitor

A vulnerability has been found in openDCIM 23.04. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10235 LOW POC Monitor

A flaw has been found in Scada-LTS up to 2.7.8.1.shtm of the component Reports Module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10234 LOW POC Monitor

A vulnerability was detected in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-39763 MEDIUM PATCH This Month

CVE-2025-39763 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Denial Of Service Memory Corruption Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39748 MEDIUM PATCH This Month

Linux kernel BPF verifier fails to properly handle range invariants when refining register bounds following JSET (bitwise AND test) instructions, allowing local privileged users to trigger kernel warnings and cause denial of service. The vulnerability affects all Linux kernel versions with BPF subsystem support across multiple kernel branches. While EPSS probability is very low (0.02%, percentile 5%), the issue manifests as a kernel warning on unreachable code paths that the verifier incorrectly traverses, and patches are available from upstream kernel repositories.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39764 MEDIUM PATCH This Month

Memory leak in Linux kernel netfilter conntrack expectation dumper (CVE-2025-39764) allows local authenticated attackers to cause denial of service through refcount double-increment during dump resumption operations. The vulnerability affects Linux kernel versions including 6.17-rc1 and impacts the netfilter module's expectation object lifecycle management. Patch commits are available upstream; exploitation requires local system access with unprivileged user privileges.

Linux Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39772 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmc_unload to free the resource,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39787 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39752 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main CPU write trampoline code to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39742 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39737 MEDIUM PATCH CISA This Month

CVE-2025-39737 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39736 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39791 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8492 MEDIUM This Month

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-48039 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy