Skip to main content
CVE-2025-2548 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9107 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chuanhuchatgpt
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2553 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8400 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chuanhuchatgpt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10723 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10721 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10363 MEDIUM POC PATCH This Month

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2025-0281 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Lunary
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11850 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dify
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10725 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10724 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10722 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12871 MEDIUM POC This Month

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ragflow
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10719 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2552 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2551 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2550 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2547 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6839 MEDIUM POC PATCH This Month

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6483 MEDIUM POC This Month

A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Aim
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2024-6838 MEDIUM POC This Month

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow AI / ML
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-11167 MEDIUM POC PATCH This Month

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-8251 MEDIUM POC PATCH This Month

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-12580 MEDIUM POC PATCH This Month

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0640 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chatwoot
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-10359 MEDIUM POC PATCH This Month

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Librechat
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2024-6583 MEDIUM POC This Month

A path traversal vulnerability exists in the latest version of stangirard/quivr. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quivr
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-11821 MEDIUM POC This Month

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dify
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-13060 MEDIUM POC PATCH This Month

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Docker Anythingllm Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7046 MEDIUM POC This Month

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-7045 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-10457 MEDIUM This Month

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-1496 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.26.0.R.20250227. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1802 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ht Mega PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2108 MEDIUM This Month

The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag' and 'html_tag' parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-6577 MEDIUM This Month

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pytorch AI / ML
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2024-8982 MEDIUM This Month

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2024-48591 MEDIUM This Month

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spirateam
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11441 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-0245 MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2024-12870 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2025-29914 MEDIUM PATCH This Month

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Authentication Bypass Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0192 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2024-9699 MEDIUM PATCH This Month

A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1766 MEDIUM This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventin PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12217 MEDIUM This Month

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-10940 MEDIUM PATCH This Month

A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Langchain AI / ML Red Hat
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2025-2556 MEDIUM This Month

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2565 MEDIUM PATCH This Month

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2557 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy