Skip to main content
CVE-2025-43308 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-43332 MEDIUM This Month

A file quarantine bypass was addressed with additional checks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-43311 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-6947 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-43802 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2023-53204 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data-races around user->unix_inflight. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53188 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output assume the following setup on a single machine: 1. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53186 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 ("skbuff: fix coalescing for page_pool fragment. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-50259 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: fix race in sock_map_free() sock_map_free() calls release_sock(sk) without owning a reference on the socket. Rated medium severity (CVSS 4.7).

Linux Google Information Disclosure Race Condition Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53178 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race condition The zswap writeback mechanism can cause a race condition resulting in memory corruption,. Rated medium severity (CVSS 4.7).

Linux Buffer Overflow Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53166 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix external_power_changed race bq25890_charger_external_power_changed() dereferences bq->charger, which. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Lenovo Race Condition Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-43310 MEDIUM This Month

A configuration issue was addressed with additional restrictions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43368 MEDIUM PATCH CISA This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Apple Use After Free
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9078 MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-43203 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43375 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xcode
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43370 MEDIUM Monitor

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43369 MEDIUM This Month

This issue was addressed with improved handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43366 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43331 MEDIUM Monitor

A downgrade issue was addressed with additional code-signing restrictions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43325 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43318 MEDIUM This Month

This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43307 MEDIUM Monitor

This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43279 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43262 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-43231 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43208 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43207 MEDIUM This Month

This issue was addressed with improved entitlements. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-31270 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-31254 MEDIUM This Month

This issue was addressed with improved URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-30468 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6999 MEDIUM This Month

An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling XSS
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-43797 MEDIUM PATCH This Month

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-59056 MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Freepbx
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-55211 MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Freepbx
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-43799 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-59154 MEDIUM PATCH This Month

Openfire is an XMPP server licensed under the Open Source Apache License. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Apache
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-56448 MEDIUM POC This Week

The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Px360Bt Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-45091 MEDIUM This Month

Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43800 MEDIUM PATCH Monitor

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43791 MEDIUM PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-59328 MEDIUM PATCH This Month

A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Apache Fory
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2025-59155 MEDIUM PATCH This Month

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-58177 MEDIUM PATCH This Month

n8n is an open source workflow automation platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS N8n Langchain AI / ML
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57176 MEDIUM POC This Week

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-57104 MEDIUM This Month

Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Teampel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-49089 MEDIUM This Month

wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Moneyprinterturbo
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-59397 MEDIUM PATCH This Month

Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-43793 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-36082 MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy