Skip to main content
CVE-2025-1925 MEDIUM POC This Month

A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2025-1903 MEDIUM POC This Month

A vulnerability was found in Codezips Online Shopping Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1902 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1959 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1901 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1900 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1956 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Portal
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1952 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1954 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1894 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-26182 MEDIUM POC This Month

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Novel Plus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1946 MEDIUM POC This Month

A vulnerability was found in hzmanyun Education and Training System 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
4.8%
CVE-2025-1947 MEDIUM POC This Month

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.9%
CVE-2025-1890 MEDIUM POC This Month

A vulnerability has been found in shishuocms 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Shishuocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13685 MEDIUM POC This Month

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Admin And Site Enhancements
NVD WPScan
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1958 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in aaluoxiang oa_system 1.0.xml. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oa System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1893 MEDIUM POC PATCH This Month

A vulnerability was found in Open5GS up to 2.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1949 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025.php of the component URL Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1961 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Church Management Software
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1891 MEDIUM POC This Month

A vulnerability was found in shishuocms 1.1 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Shishuocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1957 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1906 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1905 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1904 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1955 MEDIUM POC This Month

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Class And Exam Scheduling System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1892 MEDIUM POC This Month

A vulnerability was found in shishuocms 1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shishuocms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-27401 MEDIUM POC PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-26091 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Team Password Manager
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-26849 MEDIUM POC This Month

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docusnap
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27111 MEDIUM PATCH This Month

Rack is a modular Ruby web server interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Rack Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-1695 MEDIUM This Month

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Java Denial Of Service Nginx Unit
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27521 MEDIUM This Month

Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-58048 MEDIUM This Month

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-26320 MEDIUM This Month

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Broadlinkmanager D-Link
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-1934 MEDIUM PATCH This Month

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1938 MEDIUM PATCH This Month

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-47260 MEDIUM This Month

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1321 MEDIUM PATCH This Month

The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Teachpress PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0370 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shortcodes Ultimate PHP
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9618 MEDIUM PATCH This Month

The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Master Addons
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0512 MEDIUM PATCH This Month

The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Structured Content PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0433 MEDIUM PATCH This Month

The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Master Addons PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-58050 MEDIUM This Month

Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-58046 MEDIUM This Month

Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-27155 MEDIUM PATCH This Month

Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-26318 MEDIUM This Month

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
1.4%
CVE-2025-27219 MEDIUM PATCH This Month

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cgi Red Hat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.8%
CVE-2025-21098 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20042 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0958 MEDIUM PATCH This Month

The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Ultimate Auction PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy