Skip to main content
CVE-2025-21592 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-43176 MEDIUM This Month

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Openpages With Watson
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-6155 MEDIUM This Month

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress SSRF XSS Greenshift Animation And Page Builder Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5769 MEDIUM Monitor

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12819 MEDIUM This Month

The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12618 MEDIUM Monitor

The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12493 MEDIUM This Month

The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12249 MEDIUM Monitor

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12218 MEDIUM This Month

The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12206 MEDIUM Monitor

The WordPress Header Builder Plugin - Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12122 MEDIUM This Month

The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-11929 MEDIUM This Month

The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11686 MEDIUM This Month

The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2025-0348 MEDIUM POC This Month

A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Deped Equipment Inventory System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0347 MEDIUM POC This Week

A vulnerability was found in code-projects Admission Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Admission Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0346 MEDIUM POC This Month

A vulnerability was found in code-projects Content Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Content Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0345 MEDIUM POC This Month

A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0344 MEDIUM POC This Month

A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0342 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0341 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-43663 MEDIUM This Month

There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow
NVD
CVSS 4.0
5.3
EPSS
4.5%
CVE-2024-43662 MEDIUM This Month

The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12806 MEDIUM Monitor

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-20033 MEDIUM PATCH Monitor

Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0340 MEDIUM This Month

A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cinema Seat Reservation System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0339 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Bike Rental System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0336 MEDIUM POC This Month

A vulnerability was found in Codezips Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13041 MEDIUM POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-0335 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Online Bike Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0334 MEDIUM POC This Month

A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-6324 MEDIUM POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12736 MEDIUM POC This Month

The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bu Section Editing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12731 MEDIUM POC This Month

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infeed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12717 MEDIUM POC Monitor

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Infeed
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-12715 MEDIUM POC This Month

The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Asgard Security Scanner
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12714 MEDIUM POC This Month

The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backlink Monitoring Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-10815 MEDIUM POC Monitor

The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Postlists
NVD WPScan
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-0333 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cy Fast
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0331 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2.php of the component HTTP POST Request Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0328 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-56827 MEDIUM PATCH This Month

A flaw was found in the OpenJPEG project. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-56826 MEDIUM PATCH This Month

A flaw was found in the OpenJPEG project. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-13213 MEDIUM This Month

A vulnerability classified as problematic was found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13212 MEDIUM This Month

A vulnerability classified as critical has been found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13211 MEDIUM This Month

A vulnerability was found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13210 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Bookstore
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13209 MEDIUM POC PATCH This Month

A vulnerability was found in Redaxo CMS 5.18.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Redaxo
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13205 MEDIUM POC This Month

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Php
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13204 MEDIUM POC This Month

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Php
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-13203 MEDIUM POC This Week

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP E Commerce Php
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy