Skip to main content
CVE-2025-3556 MEDIUM POC This Month

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ecommerce Website In Php
NVD VulDB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2025-3555 MEDIUM POC This Month

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ecommerce Website In Php
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-9230 MEDIUM POC This Month

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpress
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-3593 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3558 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3587 MEDIUM POC This Month

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3585 MEDIUM POC This Month

A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3564 MEDIUM POC This Month

A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3557 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Ecommerce Website In Php
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3561 MEDIUM POC This Month

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3559 MEDIUM POC This Month

A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3553 MEDIUM POC This Month

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpshe
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3589 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Class Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3554 MEDIUM POC This Month

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpshe
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3569 MEDIUM POC This Month

A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Db Hospital Drug
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3565 MEDIUM POC This Month

A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-3563 MEDIUM POC This Month

A vulnerability was found in WuzhiCMS 4.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Wuzhicms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-3592 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3591 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3570 MEDIUM POC This Month

A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Db Hospital Drug
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3560 MEDIUM POC This Month

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3568 MEDIUM POC This Month

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-29720 MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-3277 MEDIUM PATCH CISA This Month

An integer overflow can be triggered in SQLite’s `concat_ws()` function. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Sqlite Red Hat +1
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-3566 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-32912 MEDIUM PATCH This Month

A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-32910 MEDIUM PATCH This Month

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-49825 MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-43851 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-2572 MEDIUM This Month

In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-32907 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-43850 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-43847 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Aspera Console
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2475 MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-32909 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-3562 MEDIUM This Month

A vulnerability was found in Yonyou YonBIP MA2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3547 MEDIUM This Month

A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Agent Zero
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2022-43852 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3590 MEDIUM This Month

A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3567 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3550 MEDIUM This Month

A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-10087 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3571 MEDIUM This Month

A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-49705 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iksoris
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13597 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-49707 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-13598 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-10090 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-10088 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-49706 MEDIUM This Month

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Iksoris
NVD
CVSS 4.0
5.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy