Skip to main content
CVE-2025-9316 MEDIUM POC THREAT This Month

N-central < 2025.4 can generate sessionIDs for unauthenticated users4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2% and no vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
83.2%
Threat
5.4
CVE-2025-13060 MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2022-4983 MEDIUM This Month

TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-59089 MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service SSRF
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-13063 MEDIUM This Month

A flaw has been found in DinukaNavaratna Dee Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-40164 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43205 MEDIUM This Month

An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64517 MEDIUM PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-64503 MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow Cups Filters Libcupsfilters +3
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64482 MEDIUM Monitor

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-64429 MEDIUM PATCH This Month

DuckDB is a SQL database management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Duckdb Red Hat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-63645 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ph7 Social Dating Builder
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-33119 MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36223 MEDIUM This Month

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8421 MEDIUM This Month

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-64117 MEDIUM Monitor

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-27368 MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13058 MEDIUM POC PATCH This Month

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Extplorer
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12047 MEDIUM This Month

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2024-48829 MEDIUM This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Code Injection Smartfabric Os10
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-63927 MEDIUM POC Monitor

A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Iec104
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-60646 MEDIUM POC This Month

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Api
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45301 MEDIUM This Month

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-60645 MEDIUM POC This Week

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xxl Api
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-25236 MEDIUM This Month

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-63419 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crushftp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-59491 MEDIUM This Month

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Community Development
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-52331 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Winrar
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-11566 MEDIUM This Month

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different c

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-62876 MEDIUM PATCH This Month

A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-11454 MEDIUM This Month

The Specific Content For Mobile - Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64407 MEDIUM This Month

Apache OpenOffice documents can contain links. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Openoffice
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-61623 MEDIUM This Month

Reflected cross-site scripting vulnerability in Apache OFBiz.09.03. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37734 MEDIUM Monitor

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64406 MEDIUM Monitor

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas.1.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apache Openoffice
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64402 MEDIUM This Month

Apache OpenOffice documents can contain links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openoffice
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12732 MEDIUM Monitor

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12872 MEDIUM This Month

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12869 MEDIUM Monitor

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS A Hrd
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-12113 MEDIUM Monitor

The Alt Text Generator AI - Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12018 MEDIUM Monitor

The MembershipWorks - Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-12901 MEDIUM Monitor

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12833 MEDIUM Monitor

The GeoDirectory - WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12087 MEDIUM Monitor

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54983 MEDIUM This Month

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1
5.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy