Skip to main content
CVE-2025-43384 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43383 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43445 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43421 MEDIUM PATCH This Month

Multiple issues were addressed by disabling array allocation sinking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43392 MEDIUM PATCH This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Apple Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43503 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43493 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12070 MEDIUM This Month

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59596 MEDIUM This Month

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Secure Access Windows
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-62715 MEDIUM POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-62520 MEDIUM POC PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Mantisbt
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-55155 MEDIUM POC PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54335 MEDIUM This Month

An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Information Disclosure Use After Free Exynos 1480 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48884 MEDIUM This Month

Galette is a membership management web application for non profit organizations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Galette
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48076 MEDIUM This Month

Galette is a membership management web application for non profit organizations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Galette
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-27374 MEDIUM This Month

An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9825 Firmware Exynos 9820 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-61431 MEDIUM This Month

A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Infinity Zmaintenance Infinity Zucchetti
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54327 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1280 Firmware Exynos 1380 Firmware Exynos 2200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33176 MEDIUM This Month

NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Nvidia
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-64322 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agentforce Vibes
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64321 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Agentforce Vibes
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64320 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Agentforce Vibes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64319 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.12.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64318 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.12.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10875 MEDIUM This Month

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.11.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Mulesoft Anypoint Code Builder
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54333 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54325 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1080 Firmware Exynos 1280 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60925 MEDIUM POC This Month

codeshare v1.0.0 was discovered to contain an information leakage vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Codeshare
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54331 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54330 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-63294 MEDIUM POC This Week

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hrm Saas
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12184 MEDIUM Monitor

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12695 MEDIUM This Month

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-12045 MEDIUM This Month

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20749 MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20748 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20747 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20746 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20745 MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Use After Free Privilege Escalation +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20744 MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20743 MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20741 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20740 MEDIUM Monitor

In wlan STA driver, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Information Disclosure Software Development Kit
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20739 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20738 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20736 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20734 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20732 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20731 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20730 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto Rdk B Android +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy