Skip to main content
CVE-2025-10966 MEDIUM POC PATCH CISA This Month

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12829 MEDIUM This Month

An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-7700 MEDIUM PATCH This Month

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64437 MEDIUM POC PATCH This Month

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.0). Public exploit code available.

Information Disclosure Kubernetes Kubevirt Red Hat Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-64436 MEDIUM POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Privilege Escalation Kubevirt Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-64435 MEDIUM POC PATCH This Month

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kubernetes Kubevirt Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64434 MEDIUM POC PATCH Monitor

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 4.7). Public exploit code available.

Kubernetes Authentication Bypass Kubevirt Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-64433 MEDIUM POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Kubernetes Kubevirt Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63420 MEDIUM POC Monitor

CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crushftp
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-12418 MEDIUM This Month

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-63544 MEDIUM POC This Month

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Techstore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63543 MEDIUM POC This Month

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Techstore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-12902 MEDIUM Monitor

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12896 MEDIUM Monitor

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-63640 MEDIUM POC This Month

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Medicine Reminder App
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63639 MEDIUM POC This Month

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Faq Bot With Ai Assistant
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63638 MEDIUM POC This Month

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ai Powered To Do List App
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-64432 MEDIUM POC PATCH Monitor

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 4.7). Public exploit code available.

Kubernetes Authentication Bypass Kubevirt Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-63717 MEDIUM POC This Week

The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pet Grooming Management Software
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-61261 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Angular Ckeditor5
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-36185 MEDIUM This Month

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nosql Injection IBM Db2 +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-36136 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36135 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36131 MEDIUM Monitor

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-36008 MEDIUM This Month

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36006 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft IBM Db2 Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33012 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-2534 MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12890 MEDIUM This Month

Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-47118 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM Microsoft Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63718 MEDIUM POC This Week

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patients Waiting Area Queue Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63716 MEDIUM POC This Week

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Leads Manager Tool
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63714 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modern User Account Generator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63713 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Matching Type Test
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57697 MEDIUM POC This Week

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Astrbot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7719 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Windows
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-63785 MEDIUM POC This Month

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onlook
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63784 MEDIUM POC This Week

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Onlook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-63687 MEDIUM POC This Week

An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Forest
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63686 MEDIUM POC This Week

There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Personmanage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57712 MEDIUM Monitor

A path traversal vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
4.0
EPSS
0.1%
CVE-2025-53413 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-53410 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-53409 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-47207 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several product versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-46413 MEDIUM This Month

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-64346 MEDIUM PATCH This Month

archives is a Go library for extracting archives (tar, zip, etc.). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-12527 MEDIUM Monitor

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12520 MEDIUM Monitor

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64338 MEDIUM POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy