Skip to main content
CVE-2025-2736 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2739 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2740 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2734 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-55029 MEDIUM POC This Month

NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fprime
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-10566 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10565 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11272 MEDIUM POC This Month

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pirate Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10105 MEDIUM POC This Month

The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobs For Wordpress
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-2752 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM File Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2743 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ruoyi Vue Pro
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2757 MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2756 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2755 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2753 MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2750 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-9770 MEDIUM POC This Month

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Recall
NVD WPScan
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-29789 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Openemr
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2024-13118 MEDIUM POC This Month

The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ip Based Login
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-12109 MEDIUM POC This Month

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Product Labels For Woocommerce Sale Badges
NVD WPScan
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-10638 MEDIUM POC This Month

The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Product Labels For Woocommerce Sale Badges
NVD WPScan
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-10206 MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-11499 MEDIUM This Month

A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2738 MEDIUM This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2737 MEDIUM This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-8315 MEDIUM This Month

An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-30212 MEDIUM PATCH This Month

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Frappe
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-27631 MEDIUM This Month

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26742 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.0.0.35. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30213 MEDIUM PATCH This Month

Frappe is a full-stack web application framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Frappe
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-12623 MEDIUM This Month

The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2542 MEDIUM This Month

The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13731 MEDIUM This Month

The Alert Box Block - Display notice/alerts in the front end. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0845 MEDIUM This Month

The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2635 MEDIUM This Month

The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-27632 MEDIUM This Month

A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30219 MEDIUM PATCH This Month

RabbitMQ is a messaging and streaming broker. Rated medium severity (CVSS 6.1). No vendor patch available.

RCE XSS Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10037 MEDIUM This Month

A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-31896 MEDIUM This Month

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spss Statistics
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-2312 MEDIUM PATCH This Month

A flaw was found in cifs-utils. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-2109 MEDIUM This Month

The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Wp Compress PHP
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2024-8314 MEDIUM This Month

An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-2510 MEDIUM This Month

The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1804 MEDIUM PATCH This Month

accountsservice no longer drops permissions when writting .pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Accountsservice Ubuntu Linux Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27810 MEDIUM PATCH This Month

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27809 MEDIUM PATCH This Month

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10207 MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2252 MEDIUM PATCH This Month

The Easy Digital Downloads - eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Easy Digital Downloads PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2224 MEDIUM This Month

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-2717 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy