Skip to main content
CVE-2025-20362 MEDIUM POC KEV THREAT CISA CERT-EU This Month

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 43.6%.

Authentication Bypass Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.5
EPSS
43.6%
Threat
7.6
CVE-2025-29157 MEDIUM POC This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-56769 MEDIUM POC PATCH This Month

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Hutool
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59422 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-59402 MEDIUM POC This Month

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bravo Compute Box Firmware
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57623 MEDIUM POC This Month

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-60249 MEDIUM This Month

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10951 MEDIUM This Month

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-10947 MEDIUM This Month

Sistemas Pleno Gestão de Locação versions up to 2025.7.x contain an authorization bypass vulnerability in the CPF validation endpoint (/api/areacliente/pessoa/validarCpf) that allows remote, unauthenticated attackers to manipulate the pes_cpf parameter and bypass access controls. The vulnerability has a CVSS score of 5.5 (moderate) but carries a very low EPSS exploitation probability of 0.04% (11th percentile), suggesting limited real-world attack likelihood despite publicly available exploit code. Upgrading to version 2025.8.0 resolves the issue.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10973 MEDIUM This Month

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10967 MEDIUM This Month

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10911 MEDIUM PATCH This Month

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46152 MEDIUM PATCH This Month

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-40838 MEDIUM This Month

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ericsson
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-10945 MEDIUM This Month

A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-26482 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware Poweredge R670 Firmware Poweredge R570 Firmware +109
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-60018 MEDIUM PATCH This Month

glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-43816 MEDIUM PATCH This Month

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29156 MEDIUM This Month

Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Swagger Petstore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-29155 MEDIUM This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10961 MEDIUM POC This Month

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-55556 MEDIUM POC This Week

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tensorflow AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55554 MEDIUM PATCH This Month

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-43943 MEDIUM This Month

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloud Disaster Recovery
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-33116 MEDIUM PATCH Monitor

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Watson Studio
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-26333 MEDIUM This Month

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Bsafe Crypto J
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-10952 MEDIUM This Month

A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-46153 MEDIUM PATCH This Month

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46150 MEDIUM PATCH This Month

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46149 MEDIUM PATCH This Month

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46148 MEDIUM PATCH This Month

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36601 MEDIUM Monitor

Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-59426 MEDIUM POC PATCH Monitor

Lobe Chat is an open-source artificial intelligence chat framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Lobe Chat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-10540 MEDIUM This Month

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10946 MEDIUM This Month

A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-10944 MEDIUM This Month

A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-10943 MEDIUM This Month

A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-21056 MEDIUM This Month

Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy