Skip to main content
CVE-2024-55488 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-37010 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-37009 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-37011 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-37012 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37007 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37006 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37004 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37003 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37002 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37005 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-37008 MEDIUM POC This Month

Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Buffer Overflow Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-37039 MEDIUM This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-23486 MEDIUM This Month

Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-0395 MEDIUM PATCH CISA This Month

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-23992 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS.166. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23562 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal.1.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2022-23439 MEDIUM This Month

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiadc Fortiauthenticator Fortiddos +11
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-23684 MEDIUM This Month

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12477 MEDIUM This Month

The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Avada Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-56923 MEDIUM POC PATCH This Month

Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Silverpeas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56914 MEDIUM This Month

D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-9310 MEDIUM This Month

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-23047 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Cilium Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-0651 MEDIUM This Month

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Warp Windows Cloudflare
NVD
CVSS 4.0
6.1
EPSS
0.2%
CVE-2025-24403 MEDIUM Monitor

A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Jenkins Azure Service Fabric
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24402 MEDIUM Monitor

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft CSRF Jenkins Azure Service Fabric
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-24401 MEDIUM This Month

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Folder Based Authorization Strategy
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24400 MEDIUM PATCH Monitor

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Eiffel Broadcaster
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24397 MEDIUM PATCH Monitor

An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2025-23028 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Kubernetes Denial Of Service Cilium Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20128 MEDIUM PATCH This Month

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Cisco Buffer Overflow Denial Of Service Clamav +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-51457 MEDIUM Monitor

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-42013 MEDIUM This Month

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-42012 MEDIUM This Month

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-10929 MEDIUM This Month

In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cortex A57 Firmware Cortex A72 Firmware Cortex A73 Firmware Cortex A75 Firmware
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-24027 MEDIUM PATCH This Month

ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

XSS SQLi
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-22980 MEDIUM POC This Week

A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-0604 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-24432 MEDIUM POC This Month

A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13447 MEDIUM PATCH Monitor

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Hotel Booking
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13361 MEDIUM PATCH This Month

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Aipower
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-13360 MEDIUM PATCH This Month

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Aipower
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13319 MEDIUM PATCH This Month

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Themify Builder
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-13406 MEDIUM PATCH This Month

The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google WordPress XSS Xml For Google Merchant Center
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-12117 MEDIUM PATCH This Month

The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Stackable
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-23237 MEDIUM This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD
CVSS 3.0
6.6
EPSS
0.3%
CVE-2024-12879 MEDIUM Monitor

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpot
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-13590 MEDIUM PATCH This Month

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ketchup Shortcodes
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13584 MEDIUM PATCH This Month

The Picture Gallery - Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Picture Gallery
NVD
CVSS 3.1
6.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy