Skip to main content
CVE-2025-25605 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25604 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25770 MEDIUM POC This Month

Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wangmarket
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-25507 MEDIUM POC This Month

There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Code Injection Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-25505 MEDIUM POC This Month

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25510 MEDIUM POC This Month

Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25875 MEDIUM POC This Month

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10222 MEDIUM POC PATCH This Month

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Svg Support
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-25768 MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Mrcms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1543 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3.4.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1548 MEDIUM POC This Month

A vulnerability was found in iteachyou Dreamer CMS 4.1.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2020-19248 MEDIUM POC This Month

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pbootcms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-25772 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Jspxcms
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-25766 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-25767 MEDIUM POC This Month

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Java Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-25765 MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mrcms
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-1546 MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2025-1536 MEDIUM This Month

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2025-1555 MEDIUM This Month

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Education And Training System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1535 MEDIUM This Month

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2019-8900 MEDIUM This Month

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Securerom
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-13713 MEDIUM PATCH This Month

The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Givewp Square
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13235 MEDIUM PATCH This Month

The Pinpoint Booking System - #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27100 MEDIUM PATCH This Month

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1489 MEDIUM PATCH This Month

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Appbox PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13648 MEDIUM PATCH This Month

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Maps For Wp
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12452 MEDIUM PATCH This Month

The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ziggeo
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1410 MEDIUM PATCH This Month

The Events Calendar Made Simple - Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Pie Calendar PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13672 MEDIUM PATCH This Month

The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mini Course Generator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13455 MEDIUM PATCH This Month

The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Igumbi
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13461 MEDIUM PATCH This Month

The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Autoship Cloud
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1407 MEDIUM This Month

The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteam_skills shortcode in all versions up to, and including, 1.1.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Amo Team Showcase PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1406 MEDIUM This Month

The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13751 MEDIUM This Month

The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS 3D Photo Gallery
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13388 MEDIUM This Month

The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbdtooltip_text' shortcode in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Tcbd Tooltip
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13379 MEDIUM This Month

The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS C9 Admin Dashboard
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0838 MEDIUM PATCH This Month

There exists a heap buffer overflow vulnerable in Abseil-cpp. Rated medium severity (CVSS 5.9). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Common Libraries Debian Linux Red Hat +1
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2025-1001 MEDIUM This Month

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2024-55156 MEDIUM This Month

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45673 MEDIUM This Month

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Security Verify Bridge Directory Sync Security Verify Gateway For Radius +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-13537 MEDIUM This Month

The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP C9 Blocks
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-1402 MEDIUM This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Event Tickets PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-0728 MEDIUM PATCH This Month

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0727 MEDIUM PATCH This Month

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13818 MEDIUM This Month

The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1544 MEDIUM This Month

A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12276 MEDIUM PATCH This Month

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

WordPress SQLi Ultimate Member
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1537 MEDIUM This Month

A vulnerability was found in Harpia DiagSystem 12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1470 MEDIUM PATCH This Month

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Omr
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-38657 MEDIUM This Month

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
4.9
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy