Skip to main content
CVE-2025-1338 MEDIUM POC THREAT This Month

A vulnerability was found in NUUO Camera up to 20250203. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Command Injection PHP
NVD VulDB
CVSS 4.0
6.9
EPSS
17.0%
CVE-2025-1355 MEDIUM POC This Month

A vulnerability was found in needyamin Library Card System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1341 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Pmweb
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-1336 MEDIUM POC This Month

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1335 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1356 MEDIUM POC This Month

A vulnerability was found in needyamin Library Card System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Card System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-1364 MEDIUM POC This Month

A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Escan Anti Virus
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-1332 MEDIUM POC This Month

A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fastcms
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-26766 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS.31.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26761 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23975 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Botnet Attack Blocker allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22676 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin - Upcasted allows Stored XSS.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22289 MEDIUM This Month

Missing Authorization vulnerability in NotFound LTL Freight Quotes - Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels.5.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22689 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26767 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely - Advanced Gutenberg Blocks allows Stored XSS.8.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1359 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0.jsp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
3.0%
CVE-2025-26765 MEDIUM This Month

Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels.0.22. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1357 MEDIUM This Month

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1358 MEDIUM This Month

A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22291 MEDIUM This Month

Missing Authorization vulnerability in enituretechnology LTL Freight Quotes - Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.0.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1339 MEDIUM This Month

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1360 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1337 MEDIUM POC This Month

A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-26779 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal.1.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-1354 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-57970 MEDIUM PATCH This Month

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy