Skip to main content
CVE-2025-2473 MEDIUM POC THREAT This Month

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
13.0%
CVE-2025-2472 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57151 MEDIUM POC This Month

SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Xinhu
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-57170 MEDIUM POC This Month

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Denial Of Service Soplanning
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-25582 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25590 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25580 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-2471 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2491 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2490 MEDIUM POC This Month

A vulnerability was found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-25586 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. Rated medium severity (CVSS 4.2). Public exploit code available and no vendor patch available.

Information Disclosure Yimioa
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-2489 MEDIUM This Month

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-0694 MEDIUM CISA This Month

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-26138 MEDIUM This Month

Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Risk Value
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44314 MEDIUM PATCH This Month

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Tastyigniter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30110 MEDIUM This Month

On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30109 MEDIUM This Month

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27080 MEDIUM This Month

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-41975 MEDIUM CISA This Month

An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2495 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Softdial Contact Center
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2487 MEDIUM PATCH This Month

A flaw was found in the 389-ds-base LDAP Server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2025-25042 MEDIUM This Month

A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49822 MEDIUM This Month

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Qradar Advisor
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-30138 MEDIUM Monitor

An issue was discovered on G-Net Dashcam BB GONX devices. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-29930 MEDIUM This Month

imFAQ is an advanced questions and answers management system for ImpressCMS. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29790 MEDIUM PATCH Monitor

Contao is an Open Source CMS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Contao
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy