Skip to main content
CVE-2025-70095 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. [CVSS 6.5 MEDIUM]

XSS Open Source Point Of Sale
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70091 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter. [CVSS 6.5 MEDIUM]

XSS Open Source Point Of Sale
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70094 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter. [CVSS 6.5 MEDIUM]

XSS Open Source Point Of Sale
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21870 MEDIUM POC PATCH This Month

The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.

Buffer Overflow Stack Overflow Denial Of Service Bacnet Stack
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25964 MEDIUM POC PATCH This Month

Path traversal in Tandoor Recipes prior to 2.5.1 allows authenticated users with import permissions to read arbitrary files from the server by manipulating file paths during recipe import operations. An attacker could access sensitive system files like /etc/passwd or application configuration files, potentially leading to full system compromise. Public exploit code exists for this vulnerability.

Path Traversal Recipes
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-25531 MEDIUM POC PATCH This Month

Kanboard versions prior to 1.2.50 allow authenticated users to duplicate tasks into projects they lack access permissions for due to insufficient validation in the TaskCreationController endpoint. This privilege escalation vulnerability enables users to move sensitive tasks across project boundaries they should not be able to access. Public exploit code exists for this incomplete fix of a prior authorization bypass vulnerability.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48023 MEDIUM This Month

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

Denial Of Service Vnet Ip Interface Package
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48022 MEDIUM This Month

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

Information Disclosure Vnet Ip Interface Package
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48021 MEDIUM This Month

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

Integer Overflow Vnet Ip Interface Package
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48020 MEDIUM This Month

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

Denial Of Service Vnet Ip Interface Package
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48019 MEDIUM This Month

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

Denial Of Service Vnet Ip Interface Package
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66676 MEDIUM This Month

An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 6.2 MEDIUM]

Denial Of Service Iobit Unlocker
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-2026 MEDIUM This Month

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigger denial of service attacks against the agent process. The vulnerability requires local access with standard user privileges and could disrupt security monitoring capabilities on affected hosts. No patch is currently available for this issue.

Windows Denial Of Service Nessus Agent
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-1790 MEDIUM This Month

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Privilege Escalation Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-26269 MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2443 MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-26226 MEDIUM PATCH This Month

beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-15520 MEDIUM This Month

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22892 MEDIUM PATCH This Month

Mattermost versions 11.1.2, 10.11.9, and 11.2.1 and earlier fail to properly enforce access controls in the Jira plugin's /create-issue API endpoint, allowing authenticated users to read restricted post content and attachments from channels they cannot access by referencing post IDs. An attacker with Jira plugin access can exploit this to enumerate and exfiltrate sensitive information from private or restricted channels. No patch is currently available for affected versions.

Jira Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy