Skip to main content
CVE-2025-2067 MEDIUM POC This Month

A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2065 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2064 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2063 MEDIUM POC This Month

A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2066 MEDIUM POC This Month

A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2062 MEDIUM POC This Month

A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2088 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2060 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2050 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi User Registration Login And User Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2059 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-2058 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-2057 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-2094 MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.9%
CVE-2025-2096 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2095 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2089 MEDIUM POC This Month

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Starsea Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2052 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2051 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2061 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ticket Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Ticket Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2053 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2090 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2086 MEDIUM POC This Month

A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Starsea Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2085 MEDIUM POC This Month

A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Starsea Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2084 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Metapneumovirus
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2054 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-2087 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Starsea Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-9458 MEDIUM POC This Month

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Reservit Hotel
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2025-27518 MEDIUM This Month

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-1121 MEDIUM This Month

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Os Chrome
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-1768 MEDIUM PATCH This Month

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Seo Plugin By Squirrly Seo PHP
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13781 MEDIUM This Month

The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Hero Maps Premium
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12609 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12607 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0863 MEDIUM This Month

The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12809 MEDIUM This Month

The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-27826 MEDIUM This Month

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-27825 MEDIUM This Month

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-27824 MEDIUM This Month

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-27823 MEDIUM This Month

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13805 MEDIUM PATCH This Month

The Advanced File Manager - Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced File Manager
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2024-53695 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Hybrid Backup Sync
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-13431 MEDIUM PATCH This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-12634 MEDIUM This Month

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13857 MEDIUM This Month

The WPGet API - Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21835 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21838 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21839 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Code Injection Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21843 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21840 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21842 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared as void. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy