Skip to main content
CVE-2025-34189 MEDIUM POC This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Virtual Appliance Application Virtual Appliance Host macOS
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-57296 MEDIUM POC This Month

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-57396 MEDIUM POC This Month

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Recipes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56762 MEDIUM POC This Month

Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Keops
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59717 MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js Do Markdownit DigitalOcean
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-39845 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8532 MEDIUM This Month

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. Rated medium severity (CVSS 6.4). No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8664 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36248 MEDIUM This Month

IBM Copy Services Manager 6.3.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Copy Services Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-48007 MEDIUM This Month

Improper Encoding or Escaping of Output vulnerability in Hallo Welt!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bluespice
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-10712 MEDIUM This Month

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831.php/Login/login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-39857 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39844 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39842 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39838 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39865 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm =. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39848 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39847 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39846 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39843 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-10568 MEDIUM This Month

HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP RCE Ngenuity
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-7702 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-43808 MEDIUM PATCH This Month

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-59689 MEDIUM KEV THREAT Act Now

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Command Injection Email Security Gateway
NVD
CVSS 3.1
6.1
EPSS
6.9%
CVE-2025-43809 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-43803 MEDIUM PATCH This Month

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-26517 MEDIUM This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Storagegrid
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-26516 MEDIUM This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Storagegrid
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26514 MEDIUM This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Storagegrid
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-56869 MEDIUM This Month

Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sync In Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55910 MEDIUM POC This Month

CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-39858 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring Replace NULL check with IS_ERR() check after calling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39856 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the TX completion packet stage of TI SoCs with CPSW2G. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39852 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcp_ao_copy_all_matching() fails in tcp_v6_syn_recv_sock(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39851 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39850 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58114 MEDIUM This Month

Improper Input Validation vulnerability in Hallo Welt!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bluespice
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-57880 MEDIUM This Month

Improper Encoding or Escaping of Output vulnerability in Hallo Welt!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bluespice
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-46703 MEDIUM This Month

Improper Encoding or Escaping of Output vulnerability in Hallo Welt!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bluespice
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-10709 MEDIUM POC This Month

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Water Conservancy Informatization
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-10708 MEDIUM POC This Month

A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Water Conservancy Informatization
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-8531 MEDIUM This Month

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-10719 MEDIUM This Month

Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10630 MEDIUM PATCH Monitor

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-10457 MEDIUM POC Monitor

The function responsible for handling BLE connection responses does not verify whether a response is expected-that is, whether the device has initiated a connection request. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10146 MEDIUM This Month

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-8487 MEDIUM This Month

The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59715 MEDIUM Monitor

SMSEagle before 6.11 allows reflected XSS via a username or contact phone number. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smseagle
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-59714 MEDIUM This Month

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Grouper
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59713 MEDIUM PATCH This Month

Snipe-IT before 8.1.18 allows unsafe deserialization. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Snipe It
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy