Skip to main content
CVE-2019-16151 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-26500 MEDIUM This Month

: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-25274 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-24920 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30179 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-30347 MEDIUM This Month

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Varnish Enterprise
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-2606 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Church Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Best Church Management Software
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2604 MEDIUM POC This Month

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2601 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25036 MEDIUM This Month

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.0.8 (SP8). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-25035 HIGH This Month

Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.0.8 (SP8), before 10.0.7 (SP7), before. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-2593 MEDIUM POC This Month

A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fastcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-29641 HIGH POC This Month

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Vehicle Record Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-29640 MEDIUM POC This Month

Phpgurukul Human Metapneumovirus (HMPV) - Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata.. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Hmpv Testing Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27612 MEDIUM PATCH This Month

libcontainer is a library for container control. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-2588 MEDIUM POC PATCH Monitor

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Augeas Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-27715 LOW PATCH Monitor

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-30348 MEDIUM PATCH This Month

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Suse
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-2582 MEDIUM POC This Month

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-30345 LOW POC Monitor

An issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openslides
NVD
CVSS 3.1
3.5
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy