Skip to main content
CVE-2025-34230 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34229 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34228 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-34225 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-34224 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2025-34223 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
1.9%
CVE-2025-34222 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes -. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker HP PHP Virtual Appliance Application +1
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-34220 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34218 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Privilege Escalation Information Disclosure Virtual Appliance Application +1
NVD
CVSS 4.0
10.0
EPSS
0.7%
CVE-2025-34216 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-34215 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow:. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-34212 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jenkins Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-34211 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-34209 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-34207 HIGH This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-30247 CRITICAL This Week

An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.7%
CVE-2025-56764 MEDIUM This Month

Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trivision Nc 227Wf Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-35034 MEDIUM This Month

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Health
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-35033 MEDIUM This Month

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Health
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-35032 MEDIUM This Month

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Enterprise Health
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-35031 MEDIUM Monitor

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Health
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-35030 HIGH This Month

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Health
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-57879 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57878 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57877 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57876 MEDIUM PATCH Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57875 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57874 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57873 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57872 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57871 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57424 HIGH This Month

A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-41252 HIGH This Month

Description: VMware NSX contains a username enumeration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-41251 HIGH This Month

VMware NSX contains a weak password recovery mechanism vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-36099 MEDIUM Monitor

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-34196 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Virtual Appliance Application Virtual Appliance Host Windows
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-57483 HIGH This Month

A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-41250 HIGH This Month

VMware vCenter contains an SMTP header injection vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-7104 HIGH POC PATCH This Month

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Librechat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-61659 MEDIUM PATCH This Month

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-56795 CRITICAL POC PATCH Act Now

Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mealie
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-56234 HIGH This Month

AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56233 HIGH This Month

Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-51495 HIGH POC PATCH This Month

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Mongoose Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41245 MEDIUM Monitor

VMware Aria Operations contains an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41244 HIGH POC KEV PATCH THREAT Act Now

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation VMware Aria Operations Cloud Foundation Cloud Foundation Operations +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-41246 HIGH This Month

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Rated high severity (CVSS 7.6). No vendor patch available.

Authentication Bypass Microsoft VMware Windows
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-11155 MEDIUM This Month

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-57516 HIGH POC This Week

OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Publiccms
NVD GitHub
CVSS 3.1
8.2
EPSS
2.7%
CVE-2025-56449 HIGH This Month

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy