Skip to main content
CVE-2024-55060 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rafed Cms Website
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28803 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Italtel S.p.A. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Mcs Nfv
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57348 MEDIUM POC This Month

Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Pecan
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-28011 MEDIUM POC This Month

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi User Registration Login And User Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-29773 MEDIUM POC PATCH This Month

Froxlor is open-source server administration software. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Froxlor
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-28010 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-55198 MEDIUM POC This Month

User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Celk Saude
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28015 MEDIUM POC This Month

A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS User Registration Login And User Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-22880 MEDIUM POC This Month

Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE XSS Zadarma
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-13054 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2024-57062 MEDIUM This Month

An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. Rated medium severity (CVSS 6.7). No vendor patch available.

Apple Privilege Escalation Soundcloud
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1636 MEDIUM This Month

Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Hashicorp Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1635 MEDIUM This Month

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1767 MEDIUM PATCH This Month

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2278 MEDIUM This Month

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1257 MEDIUM This Month

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25363 MEDIUM This Month

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian XSS Enterprise Mail Handler
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1559 MEDIUM This Month

The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1503 MEDIUM This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-9042 MEDIUM PATCH This Month

This CVE affects only Windows worker nodes. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-1785 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Denial Of Service Download Manager PHP
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2025-25625 MEDIUM This Month

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S3150 8T2F Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13887 MEDIUM This Month

The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2250 MEDIUM This Month

The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-29768 MEDIUM PATCH This Month

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vim Bootstrap Os Red Hat Suse +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-12380 MEDIUM This Month

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-21104 MEDIUM This Month

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Networker
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-30143 MEDIUM This Month

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2104 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Pagelayer PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13703 MEDIUM This Month

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0652 MEDIUM This Month

An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2020-36843 MEDIUM PATCH This Month

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Information Disclosure Java Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy