Skip to main content
CVE-2025-57354 MEDIUM POC This Month

A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Node.js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-57351 MEDIUM POC This Month

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57348 MEDIUM POC This Month

The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Node Cube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57324 MEDIUM POC PATCH This Month

parse is a package designed to parse JavaScript SDK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Parse Javascript Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57352 MEDIUM POC PATCH This Month

A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48867 MEDIUM POC This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Horilla
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-9031 MEDIUM This Month

Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57320 MEDIUM POC This Week

json-schema-editor-visual is a package that provides jsonschema editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Json Schema Editor Visual
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55178 MEDIUM PATCH This Month

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-57353 MEDIUM POC PATCH This Month

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Node.js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20338 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20316 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20314 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20313 MEDIUM This Month

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Path Traversal
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-20293 MEDIUM This Month

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20240 MEDIUM This Month

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20149 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Apple
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20365 MEDIUM Monitor

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20364 MEDIUM Monitor

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20339 MEDIUM This Month

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-27036 MEDIUM This Month

Information disclosure when Video engine escape input data is less than expected minimum size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +18
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27033 MEDIUM This Month

Information disclosure while running video usecase having rogue firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcm5430 Firmware Qcm6490 Firmware Qcs5430 Firmware +29
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27030 MEDIUM This Month

information disclosure while invoking calibration data from user space to update firmware size. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure C V2x 9150 Firmware Qam8295p Firmware Qca6574au Firmware +38
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-10360 MEDIUM This Month

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-8869 MEDIUM PATCH This Month

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-23275 MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. Rated medium severity (CVSS 4.2). No vendor patch available.

Nvidia Memory Corruption Buffer Overflow Denial Of Service Information Disclosure +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23274 MEDIUM Monitor

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in. Rated medium severity (CVSS 4.5). No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-23272 MEDIUM This Month

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-9353 MEDIUM This Month

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-60020 MEDIUM This Month

nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-39890 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-58241 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58457 MEDIUM POC PATCH Monitor

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions.9.0 before 3.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Zookeeper Red Hat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-41716 MEDIUM This Month

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48459 MEDIUM PATCH GHSA This Month

Deserialization of Untrusted Data vulnerability in Apache IoTDB.0.0 before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Iotdb
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2025-43819 MEDIUM PATCH This Month

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-43779 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy