Skip to main content
CVE-2025-43806 MEDIUM PATCH This Month

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-57205 MEDIUM POC This Month

iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS School Express
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57204 MEDIUM POC This Month

Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Stocky
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47910 MEDIUM PATCH This Month

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59433 MEDIUM PATCH This Month

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-59432 MEDIUM PATCH This Month

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Red Hat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-57203 MEDIUM Monitor

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Magicai
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57958 MEDIUM This Month

Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36064 MEDIUM This Month

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Microsoft Information Disclosure Sterling Connect Windows
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-59418 MEDIUM This Month

BunnyPad is a note taking software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-57438 MEDIUM POC This Week

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ip 4C Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-55886 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-57682 MEDIUM This Month

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papermark
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-57433 MEDIUM POC This Week

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ip 4C Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36037 MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59797 MEDIUM This Month

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-46711 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ddk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25177 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-9541 MEDIUM Monitor

The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9487 MEDIUM Monitor

The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP XSS
NVD WPScan
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9115 MEDIUM This Month

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-59801 MEDIUM PATCH Monitor

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59798 MEDIUM PATCH Monitor

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10772 MEDIUM This Month

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
Prev Page 7 of 7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy