Skip to main content
CVE-2025-1962 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Hotel Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1965 MEDIUM POC This Month

A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1964 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Hotel Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1963 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Hotel Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1966 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-25634 MEDIUM POC This Month

A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27412 MEDIUM POC PATCH This Month

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-48246 MEDIUM POC This Month

Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vehicle Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27411 MEDIUM POC PATCH This Month

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Redaxo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1967 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-23416 MEDIUM This Month

Path traversal may lead to arbitrary file deletion. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-21095 MEDIUM This Month

Path traversal may lead to arbitrary file download. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27515 MEDIUM PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Framework Laravel
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-20002 MEDIUM This Month

After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1714 MEDIUM This Month

Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-24521 MEDIUM This Month

External XML entity injection allows arbitrary download of files. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-0141 MEDIUM This Month

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-13815 MEDIUM This Month

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-0954 MEDIUM This Month

The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13780 MEDIUM This Month

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-13809 MEDIUM This Month

The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13778 MEDIUM This Month

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1921 MEDIUM PATCH This Month

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-5667 MEDIUM This Month

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1008 MEDIUM This Month

The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘view’ parameter in all versions up to, and including, 1.1.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12815 MEDIUM This Month

The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13866 MEDIUM This Month

The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13757 MEDIUM This Month

The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Master Slider
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-11731 MEDIUM This Month

The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13350 MEDIUM This Month

The SearchIQ - The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1435 MEDIUM This Month

The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-13839 MEDIUM This Month

The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-13827 MEDIUM This Month

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-13779 MEDIUM This Month

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-27653 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-27676 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-27654 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-27637 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-27679 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-22493 MEDIUM This Month

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-27516 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

Python RCE Ssti Jinja Debian Linux +2
NVD GitHub
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-12650 MEDIUM This Month

An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27660 MEDIUM This Month

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vasion Print Virtual Appliance
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27624 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13423 MEDIUM This Month

The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8682 MEDIUM This Month

The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-11153 MEDIUM This Month

The Content Control - The Ultimate Content Restriction Plugin!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-20208 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Management Suite
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-27623 MEDIUM PATCH This Month

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13811 MEDIUM This Month

The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy