Skip to main content
CVE-2025-1876 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dap 1562 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1858 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1856 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1850 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi College Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1857 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1859 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-25301 MEDIUM POC PATCH This Month

Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Rembg
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27420 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27499 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27417 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27418 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.1%
CVE-2024-57240 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Webviewer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25949 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Information System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-51091 MEDIUM POC This Month

Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Seajs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1846 MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1849 MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1848 MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1847 MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1854 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1843 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1855 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1889 MEDIUM POC PATCH This Month

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Picklescan
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-10925 MEDIUM POC This Month

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-53384 MEDIUM POC This Month

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Tsup
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2023-49031 MEDIUM POC This Month

Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Path Traversal Tikit Emarketing
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-53386 MEDIUM POC This Month

Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Code Injection XSS Stage Js
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-53382 MEDIUM POC PATCH This Month

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Code Injection XSS Prism Red Hat
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-27099 MEDIUM POC PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-25303 MEDIUM This Month

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google SSRF Chrome
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1841 MEDIUM This Month

A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1840 MEDIUM This Month

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27370 MEDIUM This Month

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-27371 MEDIUM This Month

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-1868 MEDIUM This Month

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-20650 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-45780 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Grub2
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-24778 MEDIUM PATCH This Month

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.95.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Streampipes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23615 MEDIUM This Month

Missing Authorization vulnerability in NotFound Interactive Page Hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23613 MEDIUM This Month

Missing Authorization vulnerability in NotFound WP Journal allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23515 MEDIUM This Month

Missing Authorization vulnerability in tsecher ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20647 MEDIUM This Month

In Modem, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nr12A Nr13 Nr15 +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23763 MEDIUM This Month

Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20644 MEDIUM This Month

In Modem, there is a possible memory corruption due to incorrect error handling. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nr15 Nr16
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25953 MEDIUM This Month

Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Academia Student Information System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25952 MEDIUM This Month

An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academia Student Information System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25137 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Social Links allows Stored XSS.0.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25131 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RJ Quickcharts allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25115 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Like dislike plus counter allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25084 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound UniTimetable allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23829 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Woo Update Variations In Cart allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy