Skip to main content
CVE-2025-12101 MEDIUM POC This Month

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS
NVD
CVSS 4.0
5.9
EPSS
2.3%
CVE-2025-12019 MEDIUM POC This Month

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-12010 MEDIUM This Month

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11828 MEDIUM This Month

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-13013 MEDIUM PATCH This Month

Mitigation bypass in the DOM: Core & HTML component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-11960 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryom Software High Technology Systems Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-12748 MEDIUM PATCH This Month

A flaw was discovered in libvirt in the XML file processing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-12126 MEDIUM This Month

The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0 via several functions due to missing validation on a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-24848 MEDIUM This Month

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.3). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-11894 MEDIUM This Month

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11999 MEDIUM This Month

The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarker_reset_map() and amm_save_map_api(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-11891 MEDIUM This Month

The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12020 MEDIUM This Month

The Double the Donation - A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-12538 MEDIUM This Month

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12526 MEDIUM This Month

The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-40760 MEDIUM This Month

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-32014 MEDIUM This Month

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-61845 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61844 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61843 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61842 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-61841 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61840 MEDIUM This Month

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Format Plugins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-62453 MEDIUM This Month

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-62449 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Github Copilot Chat
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-62214 MEDIUM This Month

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Command Injection Visual Studio 2022
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-62209 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-62208 MEDIUM This Month

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-62206 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60728 MEDIUM Monitor

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-60723 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-60722 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Onedrive Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60708 MEDIUM This Month

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +9
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60706 MEDIUM This Month

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59513 MEDIUM This Month

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59510 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59509 MEDIUM This Month

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-59240 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47179 MEDIUM This Month

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Configuration Manager 2403 Configuration Manager 2409 Configuration Manager 2503
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-35972 MEDIUM This Month

Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-33202 MEDIUM This Month

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Microsoft Nvidia Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33185 MEDIUM This Month

NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32732 MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Microsoft Quickassist Technology +1
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-32449 MEDIUM This Month

Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-32446 MEDIUM This Month

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Quickassist Technology
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-32088 MEDIUM Monitor

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Microsoft Quickassist Technology Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-32038 MEDIUM This Month

Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-32001 MEDIUM This Month

Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-31948 MEDIUM Monitor

Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-31940 MEDIUM This Month

Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy