Skip to main content
CVE-2024-57241 MEDIUM POC This Month

Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dedecms
NVD GitHub
CVSS 3.1
6.5
EPSS
4.5%
CVE-2025-25202 MEDIUM POC PATCH This Month

Ash Authentication is an authentication framework for Elixir applications. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Privilege Escalation Ash Authentication Alembic
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-1178 MEDIUM POC PATCH This Month

A vulnerability was found in GNU Binutils 2.43. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Active Iq Unified Manager Ontap Select Deploy Administration Utility Red Hat +1
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-13570 MEDIUM POC This Month

The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stray Random Quotes
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-13543 MEDIUM POC This Month

The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zarinpal Paid Download
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2025-25528 MEDIUM POC This Month

Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
3.3%
CVE-2025-1177 MEDIUM POC This Month

A vulnerability was found in dayrui XunRuiCMS 4.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Xunruicms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1167 MEDIUM POC This Month

A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1168 MEDIUM POC This Month

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Contact Manager With Export To Vcf
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1169 MEDIUM POC This Month

A vulnerability was found in SourceCodester Image Compressor Tool 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Image Compressor Tool
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-1174 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bookstore Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-26493 MEDIUM This Month

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
4.6
EPSS
15.7%
CVE-2025-21377 MEDIUM PATCH This Month

NTLM Hash Disclosure Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2024-12058 MEDIUM This Month

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2025-24956 MEDIUM This Month

A vulnerability has been identified in OpenV2G (All versions < V0.9.6). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openv2G
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-23814 MEDIUM This Month

The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-54916 MEDIUM This Month

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2025-1165 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2023-37482 MEDIUM This Month

The login functionality of the web server in affected devices does not normalize the response times of login attempts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-52612 MEDIUM This Month

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-21349 MEDIUM PATCH This Month

Windows Remote Desktop Configuration Service Tampering Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-26409 MEDIUM This Month

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24874 MEDIUM This Month

SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24875 MEDIUM This Month

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP CSRF
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-52968 MEDIUM This Month

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Fortinet Forticlient macOS
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-40721 MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios Fortiswitchmanager Fortiproxy +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-40586 MEDIUM This Month

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Fortinet Forticlient Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-24976 MEDIUM PATCH This Month

Distribution is a toolkit to pack, ship, store, and deliver container content. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2024-50569 MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-24408 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Adobe Privilege Escalation Commerce +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-21352 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-24424 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24426 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24422 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24427 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21212 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21254 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21216 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55212 MEDIUM This Month

DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-37660 MEDIUM PATCH This Month

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hostapd
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12797 MEDIUM POC PATCH This Month

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-13506 MEDIUM This Month

The GeoDirectory - WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12599 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1145 MEDIUM This Month

NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-24867 MEDIUM This Month

SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-23363 MEDIUM This Month

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcenter
NVD
CVSS 4.0
6.1
EPSS
0.3%
CVE-2024-13830 MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XSS Connect Secure Policy Secure
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-26408 MEDIUM This Month

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-12833 MEDIUM This Month

Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS Prtg Network Monitor
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-21347 MEDIUM PATCH This Month

Windows Deployment Services Denial of Service Vulnerability. Rated medium severity (CVSS 6.0).

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.0
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy