Skip to main content
CVE-2025-28145 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28143 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28142 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-27892 MEDIUM POC PATCH This Month

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Shopware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.8%
CVE-2025-1292 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1122 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-28144 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-27980 MEDIUM POC This Month

cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cashbook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32949 MEDIUM POC This Month

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-32944 MEDIUM POC This Month

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peertube
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-28198 MEDIUM POC This Month

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Hitout Car Sale
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-44843 MEDIUM POC This Month

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Steve
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-22911 MEDIUM POC This Month

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Re11S Firmware
NVD GitHub
CVSS 3.1
5.6
EPSS
0.3%
CVE-2025-29213 MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java Jeewms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-3612 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Red Hat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32946 MEDIUM POC This Month

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Peertube
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32103 MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crushftp
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2025-3613 MEDIUM POC This Month

A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-32102 MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Crushftp
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-5616 MEDIUM POC PATCH This Month

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Ubuntu SSH Control Center Ubuntu Linux +2
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-29280 MEDIUM POC This Month

Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Perfreeblog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13610 MEDIUM POC This Month

The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Social Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-13207 MEDIUM POC This Month

The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Widget For Social Page Feeds
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-25458 MEDIUM POC This Month

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-25453 MEDIUM POC This Month

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-22903 MEDIUM POC This Month

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-29705 MEDIUM POC This Month

code-gen <=2.0.6 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Code Gen
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32945 MEDIUM POC This Month

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Peertube
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-3576 MEDIUM PATCH CISA This Month

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-32779 MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2025-30512 MEDIUM This Month

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-31360 MEDIUM This Month

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-27565 MEDIUM This Month

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-27561 MEDIUM This Month

Unauthenticated attackers can rename "rooms" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-24315 MEDIUM This Month

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-25276 MEDIUM This Month

An unauthenticated attacker can hijack other users' devices and potentially control them. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-26857 MEDIUM This Month

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31950 MEDIUM This Month

An unauthenticated attacker can obtain EV charger energy consumption information of other users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31945 MEDIUM This Month

An unauthenticated attacker can obtain other users' charger information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31147 MEDIUM This Month

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30257 MEDIUM This Month

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27929 MEDIUM This Month

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27927 MEDIUM This Month

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27719 MEDIUM This Month

Unauthenticated attackers can query an API endpoint and get device details. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27575 MEDIUM This Month

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31941 MEDIUM This Month

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31933 MEDIUM This Month

An unauthenticated attacker can check the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31357 MEDIUM This Month

An unauthenticated attacker can obtain a user's plant list by knowing the username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30514 MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30254 MEDIUM This Month

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy