Skip to main content
CVE-2025-2927 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31163 MEDIUM POC PATCH This Month

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Suse
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-31162 MEDIUM POC PATCH This Month

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fig2Dev Suse
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-31164 MEDIUM POC PATCH This Month

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Fig2Dev Suse
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-28094 MEDIUM POC This Month

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Shopxo
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28093 MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-28092 MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-28097 MEDIUM POC This Month

OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Onenav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-28096 MEDIUM POC This Month

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Onenav
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2921 MEDIUM POC This Month

A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netis Wf 2404 Firmware
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-2917 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chestnutcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12619 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2025-1762 MEDIUM POC This Month

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Event Tickets With Ticket Scanner PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2859 MEDIUM This Month

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Satech Bcu Firmware
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-2910 MEDIUM This Month

User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2860 MEDIUM This Month

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Satech Bcu Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2861 MEDIUM This Month

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Satech Bcu Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2862 MEDIUM This Month

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Satech Bcu Firmware
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2909 MEDIUM This Month

The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-2713 MEDIUM PATCH This Month

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Google Privilege Escalation Gvisor
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-27716 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2024-6875 MEDIUM This Month

A vulnerability was found in the Infinispan component in Red Hat Data Grid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-2877 MEDIUM PATCH This Month

Ansible Automation Platform's Event-Driven Ansible exposes inventory passwords in plain text when debug verbosity is enabled during rulebook activation, affecting both standard debug actions and Event Streams configurations. Authenticated users with access to debug-enabled ruleebooks can retrieve plaintext credentials through logs or console output. With CVSS 6.5 and EPSS 0.26% (percentile 49%), this represents moderate severity; no active exploitation has been confirmed, but the low complexity and authenticated-only requirement (PR:L) make this a practical concern for organizations using debug-level logging in production environments.

Ansible Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-27001 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo - A complete shipping solution for WooCommerce allows Retrieve Embedded Sensitive Data.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31465 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31453 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31452 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31451 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce allows Stored XSS.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31450 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31434 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS.5.19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31433 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds allows Stored XSS.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31096 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS.1.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31094 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS.3.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31093 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content allows DOM-Based XSS.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31090 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31088 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS.14.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31083 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS.21.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31077 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS.2.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31075 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS.9.29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31073 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compete Themes Unlimited allows Stored XSS.45. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-31092 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat - WP Support All-in-One Floating Widget allows Stored XSS.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2781 MEDIUM This Month

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-2782 MEDIUM This Month

The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-2804 MEDIUM This Month

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-1705 MEDIUM This Month

The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-58130 MEDIUM PATCH This Month

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Misp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-31473 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS.2.1.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-31472 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS.0.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-31471 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-31470 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS.1.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy