Skip to main content
CVE-2025-31125 MEDIUM POC KEV PATCH THREAT Act Now

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Vite Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
83.3%
Threat
6.6
CVE-2025-2292 MEDIUM POC THREAT This Month

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.2.35. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 68.8% and no vendor patch available.

Path Traversal Completepbx
NVD
CVSS 3.1
6.5
EPSS
68.8%
Threat
4.9
CVE-2025-31117 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Openemr
NVD GitHub
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-2996 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2992 MEDIUM POC This Month

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2991 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-2993 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-2995 MEDIUM POC This Month

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-2994 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-2990 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-3006 MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-30149 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD GitHub
CVSS 3.1
6.4
EPSS
0.7%
CVE-2025-0613 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-3016 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-3015 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-3040 MEDIUM POC This Month

A vulnerability was found in Project Worlds Online Time Table Generator 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2978 MEDIUM POC This Month

A vulnerability was found in WCMS 11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Wcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2997 MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3039 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3038 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2985 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2984 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3018 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3005 MEDIUM POC This Month

A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Forestblog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3004 MEDIUM POC This Month

A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Forestblog Red Hat
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2974 MEDIUM POC This Month

A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Perfex Crm
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2977 MEDIUM POC This Month

A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kerio Connect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2975 MEDIUM POC This Month

A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kerio Connect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2976 MEDIUM POC This Month

A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Kerio Connect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3036 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Studentservlet Jsp
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-2979 MEDIUM POC This Month

A vulnerability classified as problematic has been found in WCMS 11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-31116 MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Mobile Security Framework
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2025-27095 MEDIUM POC This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3002 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.6%
CVE-2025-31128 MEDIUM PATCH This Month

gifplayer is a customizable jquery plugin to play and stop animated gifs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3047 MEDIUM PATCH This Month

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-3048 MEDIUM PATCH This Month

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-24272 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-31680 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.0.0 before 1.24.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Matomo Analytics Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31683 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.0.0 before 1.8.0, from 2.0.0 before 2.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google CSRF Google Tag Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31688 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.0.0 before 1.10.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Configuration Split Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31684 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.0.0 before 4.1.3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Oauth2 Client Drupal
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-31192 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-31693 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.0.0 before 1.0.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Artificial Intelligence Drupal
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-24194 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-3062 MEDIUM This Month

Vulnerability in Drupal Drupal Admin LTE theme.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Admin Lte Theme Drupal
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-31577 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server.0.8. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-3060 MEDIUM This Month

Vulnerability in Drupal Flattern - Multipurpose Bootstrap Business Profile.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Flattern Drupal
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-3061 MEDIUM This Month

Vulnerability in Drupal Material Admin.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Material Admin Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-30446 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.7%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy