Skip to main content
CVE-2025-3298 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3305 MEDIUM POC This Month

A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ikun Library
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3303 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3296 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0.php?f=delete_customer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3297 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-30401 MEDIUM This Month

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft RCE Whatsapp Windows
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-56370 MEDIUM This Month

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-2889 MEDIUM This Month

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-2544 MEDIUM This Month

The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0839 MEDIUM This Month

The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Zoomsounds PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-52322 MEDIUM This Month

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webservice
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-58036 MEDIUM PATCH This Month

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Net Suse
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-57868 MEDIUM This Month

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Web
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-57835 MEDIUM This Month

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Line Integration For Amon2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-1500 MEDIUM This Month

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-2789 MEDIUM This Month

The MultiVendorX - Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace - Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Multivendorx PHP
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-3304 MEDIUM This Month

A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32366 MEDIUM This Month

In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-32352 MEDIUM This Month

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption PHP Authentication Bypass
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-32359 MEDIUM This Month

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1233 MEDIUM This Month

The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32357 MEDIUM This Month

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32360 MEDIUM This Month

In Zammad 6.4.x before 6.4.2, there is information exposure. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-32358 MEDIUM This Month

In Zammad 6.4.x before 6.4.2, SSRF can occur. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Zammad
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2025-32365 MEDIUM POC PATCH Monitor

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Poppler Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-32364 MEDIUM POC PATCH Monitor

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Poppler Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-3299 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy