Browse CVEs
145,000 medium severity vulnerabilities
| CVE ID | Title | Severity | CVSS | Risk | Patch | Published |
|---|---|---|---|---|---|---|
| CVE-2025-12628 | The WP 2FA WordPress plugin does not generate backup code... | Medium | 6.3 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-64047 | OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scri... | Medium | 6.1 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-64048 | YCCMS 3.4 contains a stored cross-site scripting (XSS) vu... | Medium | 6.1 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-63498 | alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting ... | Medium | 6.1 | High Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-63674 | An issue in Blurams Lumi Security Camera (A31C) v23.1227.... | Medium | 6.1 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-12394 | The Backup Migration WordPress plugin before 2.0.0 does n... | Medium | 5.9 | Low Risk | Patched | 24-Nov-25 |
| CVE-2025-36150 | IBM Concert 1.0.0 through 2.0.0 uses weaker than expected... | Medium | 5.9 | Low Risk | Patched | 24-Nov-25 |
| CVE-2025-63952 | A Cross-Site Request Forgery (CSRF) in the /mwapi?method=... | Medium | 5.7 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-0007 | Insufficient validation within Xilinx Run Time framework ... | Medium | 5.7 | Low Risk | Unpatched (21d) | 24-Nov-25 |
| CVE-2025-65503 | Use after free in endpoint destructors in Redboltz async_... | Medium | 5.5 | Low Risk | Patched | 24-Nov-25 |