Skip to main content
CVE-2024-55415 MEDIUM POC THREAT This Month

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.6%.

Path Traversal Voyager
NVD GitHub
CVSS 3.1
5.7
EPSS
58.6%
Threat
4.4
CVE-2024-55417 MEDIUM POC THREAT This Month

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

RCE File Upload Voyager
NVD GitHub
CVSS 3.1
4.3
EPSS
24.7%
CVE-2022-43916 MEDIUM This Month

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Container
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-13349 MEDIUM PATCH This Month

The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12451 MEDIUM PATCH This Month

The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10847 MEDIUM This Month

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13705 MEDIUM PATCH This Month

The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-12320 MEDIUM This Month

The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-0860 MEDIUM PATCH This Month

The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12299 MEDIUM This Month

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12177 MEDIUM This Month

The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-24099 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-0861 MEDIUM PATCH This Month

The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13652 MEDIUM This Month

The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11583 MEDIUM This Month

The Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0882 MEDIUM POC This Month

A vulnerability was found in code-projects Chat System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0881 MEDIUM This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0880 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0573 MEDIUM This Month

Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sante Pacs Server
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2025-0572 MEDIUM Monitor

Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sante Pacs Server
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2025-0571 MEDIUM This Month

Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Sante Pacs Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-0570 MEDIUM This Month

Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Sante Pacs Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-0145 MEDIUM Monitor

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +4
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-0143 MEDIUM Monitor

Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Meeting Software Development Kit Video Software Development Kit +1
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0142 MEDIUM PATCH Monitor

Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-10604 MEDIUM POC PATCH This Week

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Fuchsia
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-10603 MEDIUM POC PATCH This Month

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Gvisor
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-10026 MEDIUM POC PATCH This Month

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Gvisor
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-24506 MEDIUM This Month

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24504 MEDIUM This Month

An improper input validation the CSRF filter results in unsanitized user input written to the application logs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24502 MEDIUM This Month

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24501 MEDIUM This Month

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0681 MEDIUM This Month

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-0874 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Car Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0873 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0367 MEDIUM This Month

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24784 MEDIUM PATCH Monitor

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24376 MEDIUM PATCH This Month

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23216 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Argo Cd Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-22221 MEDIUM This Month

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware XSS Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-22220 MEDIUM Monitor

VMware Aria Operations for Logs contains a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22219 MEDIUM This Month

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware XSS Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-0872 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-23367 MEDIUM PATCH This Month

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Wildfly Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-0871 MEDIUM This Month

A vulnerability classified as problematic has been found in Maybecms 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-53615 MEDIUM This Month

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
20.6%
CVE-2024-8494 MEDIUM Monitor

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Website Builder Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13715 MEDIUM PATCH Monitor

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Zstore Manager Basic
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13700 MEDIUM This Month

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Embed Swagger Ui
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13670 MEDIUM PATCH This Month

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Music Sheet Viewer
NVD
CVSS 3.1
6.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy