Skip to main content
CVE-2025-2320 MEDIUM POC This Month

A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-30022 MEDIUM POC This Month

CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Auto Atendimento
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-29782 MEDIUM POC This Month

WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-29032 MEDIUM POC This Month

Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29409 MEDIUM POC PATCH This Month

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection File Upload Nest
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-25872 MEDIUM POC This Month

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openpanel
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-25873 MEDIUM POC This Month

Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openadmin
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-2309 MEDIUM POC PATCH This Month

A vulnerability has been found in HDF5 1.14.6 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hdf5 Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2310 MEDIUM POC PATCH This Month

A vulnerability was found in HDF5 1.14.6 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hdf5 Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2308 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hdf5 Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2268 MEDIUM This Month

The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service 6Gx09A Firmware 6Gx09E Firmware 9Yf91E Firmware +51
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-40585 MEDIUM This Month

An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26626 MEDIUM This Month

The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-47573 MEDIUM This Month

An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortindr
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12020 MEDIUM This Month

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Logicaldoc
NVD
CVSS 4.0
6.4
EPSS
0.3%
CVE-2025-1526 MEDIUM PATCH This Month

The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Dethemekit For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2166 MEDIUM This Month

The CM FAQ - Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33300 MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2024-45643 MEDIUM This Month

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-29780 MEDIUM This Month

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. Rated medium severity (CVSS 5.8). No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2024-55594 MEDIUM This Month

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortiweb
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-13772 MEDIUM This Month

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Authentication Bypass Civi
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-29779 MEDIUM This Month

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-29771 MEDIUM PATCH This Month

HtmlSanitizer is a client-side HTML Sanitizer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1285 MEDIUM This Month

The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0955 MEDIUM This Month

The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-1507 MEDIUM PATCH This Month

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress Authentication Bypass Dashboard For Google Analytics PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-26312 MEDIUM This Month

SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-27606 MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element Android
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-40590 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortiportal
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-48785 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortinac F
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1888 MEDIUM This Month

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-2289 MEDIUM This Month

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Zegen PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13407 MEDIUM PATCH This Month

The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Authentication Bypass Omnipress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1528 MEDIUM This Month

The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-45638 MEDIUM This Month

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure IBM Security Qradar Edr
NVD
CVSS 3.1
4.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy