Skip to main content
CVE-2024-3303 MEDIUM POC This Month

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Code Injection
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12586 MEDIUM POC This Month

The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chalet Montagne Com Tools
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-54951 MEDIUM POC This Month

Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-13120 MEDIUM POC This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-13119 MEDIUM POC This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8266 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-0814 MEDIUM This Month

services running on the product when malicious IEC61850-MMS packets are sent to the device. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-23421 MEDIUM This Month

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Path Traversal Android +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-37600 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-57782 MEDIUM PATCH This Month

An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-10083 MEDIUM This Month

workstation when specific driver interface is invoked locally by an authenticated user with crafted input. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-56908 MEDIUM This Month

In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling RCE
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-47265 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-26574 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media allows Stored XSS.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26558 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mkkmail Aparat Responsive allows DOM-Based XSS.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26539 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26567 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farjana55 Font Awesome WP allows DOM-Based XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26538 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13644 MEDIUM PATCH This Month

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Dethemekit For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13227 MEDIUM PATCH This Month

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seo
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0837 MEDIUM This Month

The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20615 MEDIUM This Month

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Qardio iOS
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-13867 MEDIUM This Month

The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Listivo
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2025-0426 MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-1271 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H6Web
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-24836 MEDIUM This Month

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Python Information Disclosure
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-26561 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS.3.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-12054 MEDIUM This Month

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2024-12012 MEDIUM This Month

A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-53311 MEDIUM This Month

A Stack buffer overflow in the arguments parameter in Immunity Inc. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53310 MEDIUM This Month

A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-53309 MEDIUM This Month

A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-23411 MEDIUM This Month

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mypro
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-47264 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-34404 MEDIUM This Month

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25900 MEDIUM This Month

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service Tl Wr841Nd V11 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-34403 MEDIUM This Month

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-25287 MEDIUM This Month

Lakeus is a simple skin made for MediaWiki. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-21701 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-37601 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-37603 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-37602 MEDIUM This Month

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Headunit Ntg6 Mercedes Benz User Experience
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-24889 MEDIUM This Month

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-13639 MEDIUM PATCH This Month

The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Read More Accordion
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-25195 MEDIUM This Month

Zulip is an open source team chat application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0661 MEDIUM PATCH This Month

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Authentication Bypass Dethemekit For Elementor PHP +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13229 MEDIUM PATCH This Month

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Seo
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1198 MEDIUM This Month

An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy