Skip to main content
CVE-2025-22734 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Posts Footer Manager allows Stored XSS.1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-22762 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin - Octrace Support allows Stored. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-22788 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.7.17.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-22738 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS.7.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-7322 MEDIUM This Month

A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2024-40854 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-57895 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is coming like the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57902 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57901 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Linux Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22737 MEDIUM This Month

Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-22773 MEDIUM This Month

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-54470 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-54535 MEDIUM This Month

A path handling issue was addressed with improved logic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-22787 MEDIUM This Month

Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22779 MEDIUM This Month

Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22729 MEDIUM This Month

Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.5.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22731 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce allows Cross Site Request Forgery.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22976 HIGH This Month

SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE SQLi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22964 HIGH This Month

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Authentication Bypass SQLi Cm3 Acora Content Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
12.6%
CVE-2025-0215 MEDIUM This Month

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2024-55503 LOW Monitor

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Termius
NVD GitHub
CVSS 3.1
3.3
EPSS
2.1%
CVE-2024-53407 LOW Monitor

In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Phiewer
NVD GitHub
CVSS 3.1
3.3
EPSS
4.8%
CVE-2024-41454 MEDIUM This Month

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE Docker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-41453 MEDIUM Monitor

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-39967 MEDIUM This Month

Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0492 HIGH POC This Week

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823x Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-0491 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0490 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0489 MEDIUM POC This Month

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms D-Link
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-36751 MEDIUM This Month

An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0488 MEDIUM POC This Month

A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0487 MEDIUM POC This Month

A vulnerability was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0486 MEDIUM POC This Week

A vulnerability was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-48126 CRITICAL This Week

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-48125 HIGH This Month

An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-48123 HIGH This Month

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-48122 MEDIUM This Month

Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-48121 MEDIUM This Month

The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22146 CRITICAL PATCH This Week

Sentry is a developer-first error tracking and performance monitoring tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-0485 MEDIUM POC This Month

A vulnerability was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0484 MEDIUM POC This Week

A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical.php of the component Backend. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0483 MEDIUM POC This Month

A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Native Php Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-0482 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Native Php Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-54540 MEDIUM Monitor

The issue was addressed with improved input sanitization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple XSS Music Windows
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-44136 MEDIUM Monitor

This issue was addressed through improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-40839 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-0501 HIGH This Month

An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-0500 HIGH This Month

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.4%
CVE-2025-0481 MEDIUM This Month

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 878 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-23040 MEDIUM This Month

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.6
EPSS
1.6%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy