Skip to main content
CVE-2025-2609 MEDIUM POC PATCH This Month

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Magnusbilling
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
5.5%
CVE-2025-2610 MEDIUM POC PATCH This Month

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Magnusbilling
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
2.3%
CVE-2024-13903 MEDIUM POC PATCH This Month

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Quickjs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-30342 MEDIUM POC This Month

An XSS issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openslides
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2592 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2608 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banquet Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2602 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2607 MEDIUM POC This Month

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Lzcms Laozhangbokexitong
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2591 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-30344 MEDIUM POC This Month

An issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openslides
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2603 MEDIUM POC This Month

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2587 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Jinher OA C6 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jinher Oa C6
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2583 MEDIUM POC This Month

A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2589 MEDIUM POC This Month

A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical.go. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Human Resource Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2590 MEDIUM POC This Month

A vulnerability was found in code-projects Human Resource Management System 1.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Human Resource Management
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-30168 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
6.9
EPSS
0.2%
CVE-2023-43029 MEDIUM This Month

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize Plugin For Vsphere
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-54564 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30157 MEDIUM PATCH This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-29227 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29226 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29223 MEDIUM This Month

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-50053 MEDIUM This Month

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcentre Plus
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-2598 MEDIUM PATCH This Month

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aws Cloud Development Kit
NVD GitHub
CVSS 4.0
5.7
EPSS
0.0%
CVE-2023-28207 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-2581 MEDIUM This Month

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmedcon
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-30346 MEDIUM PATCH This Month

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Smuggling Varnish Enterprise Varnish Cache Red Hat +1
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27933 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2021-25635 MEDIUM PATCH This Month

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Information Disclosure Libreoffice Red Hat Suse
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-2597 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Itium 6050 Firmware
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2019-16151 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-26500 MEDIUM This Month

: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-25274 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-24920 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30179 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-30347 MEDIUM This Month

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Varnish Enterprise
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-2606 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Church Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Best Church Management Software
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2604 MEDIUM POC This Month

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2601 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25036 MEDIUM This Month

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.0.8 (SP8). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-2593 MEDIUM POC This Month

A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fastcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-29640 MEDIUM POC This Month

Phpgurukul Human Metapneumovirus (HMPV) - Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata.. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Hmpv Testing Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27612 MEDIUM PATCH This Month

libcontainer is a library for container control. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-2588 MEDIUM POC PATCH Monitor

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Augeas Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-30348 MEDIUM PATCH This Month

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Suse
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-2582 MEDIUM POC This Month

A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy