Skip to main content
CVE-2025-60916 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Openatlas
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-54341 MEDIUM This Month

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36112 MEDIUM This Month

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-56423 MEDIUM This Month

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openatlas
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-60917 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Openatlas
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-60914 MEDIUM This Month

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-13588 LOW Monitor

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13575 LOW Monitor

A security vulnerability has been detected in code-projects Blog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13576 LOW Monitor

A vulnerability was detected in code-projects Blog Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13584 LOW Monitor

A security vulnerability has been detected in Eigenfocus up to 1.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13577 LOW Monitor

A flaw has been found in PHPGurukul Hostel Management System 2.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13594 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-13511 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-40213 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-10554 HIGH This Month

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-12978 MEDIUM This Month

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Fluent Bit
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-12977 CRITICAL This Week

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Elastic Fluent Bit
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-12972 MEDIUM This Month

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Fluent Bit
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12970 HIGH This Month

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fluent Bit Docker
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-12969 MEDIUM This Month

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fluent Bit
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11921 HIGH This Month

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.10.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-65998 HIGH PATCH This Month

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Syncope
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65503 MEDIUM POC PATCH This Month

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Async Mqtt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-65502 MEDIUM POC PATCH Monitor

Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mongoose
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-65501 MEDIUM PATCH Monitor

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65500 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65499 MEDIUM PATCH Monitor

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65498 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65497 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65496 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65495 HIGH PATCH This Month

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65494 HIGH PATCH This Month

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65493 HIGH PATCH This Month

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-41017 MEDIUM This Month

Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-41016 HIGH This Month

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry() nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-12628 MEDIUM This Month

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD WPScan
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-41729 HIGH This Month

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-41087 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12741 HIGH This Month

A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-12740 HIGH This Month

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-12739 HIGH This Month

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-13596 LOW Monitor

A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.7
EPSS
0.2%
CVE-2025-12629 HIGH This Month

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-12569 MEDIUM Monitor

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Open Redirect PHP
NVD WPScan
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-12394 MEDIUM This Month

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-7402 HIGH This Month

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13589 MEDIUM This Month

FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy