Skip to main content
CVE-2025-30208 MEDIUM POC PATCH THREAT This Month

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.0%.

Information Disclosure Vite Red Hat
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
89.0%
Threat
5.2
CVE-2025-2680 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2679 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2682 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2681 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2678 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2677 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2675 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2674 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Locker Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2748 MEDIUM POC PATCH This Month

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.0.178. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Xperience
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29778 MEDIUM POC PATCH This Month

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Kubernetes Kyverno Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-2708 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Ruoyi Vue Pro
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2025-2689 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Yii
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2687 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Elearning System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2690 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Yii
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2711 MEDIUM POC This Month

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ufida Erp Nc
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2710 MEDIUM POC This Month

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic.jsp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ufida Erp Nc
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2712 MEDIUM POC This Month

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ufida Erp Nc
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2709 MEDIUM POC This Month

A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ufida Erp Nc
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2715 MEDIUM POC This Month

A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2673 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2700 MEDIUM POC This Month

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dante3
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2705 MEDIUM This Month

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2686 MEDIUM This Month

A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2021-26105 MEDIUM This Month

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Fortisandbox
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-30551 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartredfox Pretty file links allows Stored XSS.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1558 MEDIUM This Month

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Mattermost Mobile Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30553 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Z.com byGMO GMO Font Agent allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30566 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aryan Themes Clink allows DOM-Based XSS.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30610 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.2.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30597 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iografica IG Shortcodes allows DOM-Based XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30595 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30593 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk Include URL allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-9103 MEDIUM This Month

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-30545 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline issuuPress allows Stored XSS.3.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30540 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in avaibook AvaiBook allows Stored XSS.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30539 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benedikt Mo BMo Expo allows Stored XSS.0.15. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30537 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Sarov Upload Quota per User allows Stored XSS.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeitwesentech Beautiful Link Preview allows Stored XSS.5.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30532 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MorganF Weather Layer allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30530 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atikul AI Preloader allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30527 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-30575 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Login Redirect allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30574 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jenst Mobile Navigation allows Stored XSS.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30573 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny My Default Post Content allows Stored XSS.7.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30533 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Message ticker allows Stored XSS.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30623 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y - The Web Accessibility Toolbox allows Stored XSS.0.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30606 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition allows Stored XSS.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30600 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar allows Stored XSS.0.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-30599 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp-maverick WP Parallax Content Slider allows Stored XSS.9.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy