Skip to main content
CVE-2025-1082 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xzs Mysql
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2022-40490 MEDIUM POC This Month

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Tiny File Manager
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0522 MEDIUM POC This Month

The LikeBot WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Likebot PHP
NVD WPScan
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-57523 MEDIUM POC This Month

Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Packers And Movers Management System
NVD GitHub
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-48589 MEDIUM This Month

Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS
NVD GitHub
CVSS 3.1
6.3
EPSS
7.6%
CVE-2025-1004 MEDIUM This Month

Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service G3Q78A Firmware G3Q79A Firmware Q3Q75A Firmware +7
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-57961 MEDIUM This Month

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-21279 MEDIUM This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption RCE Google Edge Chromium +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-57957 MEDIUM This Month

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-21283 MEDIUM This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google RCE Edge Chromium Chrome
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45626 MEDIUM PATCH This Month

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service James Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-0859 MEDIUM PATCH This Month

The Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Post And Page Builder PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0799 MEDIUM This Month

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal App Connect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49791 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-36085 MEDIUM This Month

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-52892 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-12602 MEDIUM This Month

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-57954 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-57955 MEDIUM This Month

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57962 MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57959 MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-47256 MEDIUM This Month

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-49797 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-22936 MEDIUM This Month

An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-57958 MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-0158 MEDIUM This Month

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Entirex
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24845 MEDIUM This Month

Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Code Injection Defense Platform Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-57672 MEDIUM This Month

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Floodlight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24483 MEDIUM This Month

NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Defense Platform Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-49792 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49793 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-49796 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21253 MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Apple Edge +2
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24911 MEDIUM This Month

In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Gaia Os
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-25883 MEDIUM This Month

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1076 MEDIUM This Month

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1078 MEDIUM This Month

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-13417 MEDIUM This Month

Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-21267 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2025-21404 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49794 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49795 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13416 MEDIUM This Month

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49798 MEDIUM This Month

IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Applinx
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49800 MEDIUM This Month

IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Applinx
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-22866 MEDIUM PATCH This Month

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-53586 MEDIUM POC This Month

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
3.9%
CVE-2024-57673 MEDIUM POC This Month

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Floodlight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36557 MEDIUM This Month

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-57599 MEDIUM POC Monitor

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Douphp
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy