Skip to main content
CVE-2022-50407 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-10642 MEDIUM This Month

A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-0547 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS).27.0 through 20250212. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53401 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() KCSAN found an issue in obj_stock_flush_required():. Rated medium severity (CVSS 4.7).

Denial Of Service Null Pointer Dereference Google Linux Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53447 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Canonical Race Condition Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-50379 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas, at btrfs_quota_enable(), after committing the. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-59040 MEDIUM This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54860 MEDIUM This Month

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-26503 MEDIUM This Month

A crafted system call argument can cause memory corruption. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36146 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36143 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-36139 MEDIUM This Month

IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Watsonx Data
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59417 MEDIUM POC PATCH This Week

Lobe Chat is an open-source artificial intelligence chat framework. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE XSS Lobe Chat
NVD GitHub
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-57452 MEDIUM This Month

In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clone Phone
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-4444 MEDIUM PATCH This Month

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-40678 MEDIUM This Month

Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-25011 MEDIUM This Month

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ericsson Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-9992 MEDIUM This Month

The Ghost Kit - Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10493 MEDIUM POC This Month

The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
2.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy