Skip to main content
CVE-2025-3729 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php of the component Database Backup Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
4.9%
CVE-2025-3663 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513.cgi of the component Password Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
1.6%
CVE-2025-3668 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3675 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3667 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3666 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3727 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3726 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3725 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3724 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3723 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3683 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3682 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3681 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3680 MEDIUM POC This Month

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3679 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3678 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3674 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3665 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3664 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3694 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3690 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3689 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1704 MEDIUM POC This Month

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Google Chrome Os +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29710 MEDIUM POC This Month

SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Company Website Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40068 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Id Generator System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-40069 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Id Generator System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3686 MEDIUM POC This Month

A vulnerability classified as problematic was found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Oasys
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-3684 MEDIUM POC This Month

A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Kindergarten Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3676 MEDIUM POC This Month

A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32385 MEDIUM POC This Month

EspoCRM is an Open Source Customer Relationship Management software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3697 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3696 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3685 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3687 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oasys
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3691 MEDIUM POC This Month

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seven Bears Library Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-40070 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE File Upload Online Id Generator System
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-40074 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Id Generator System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-10680 MEDIUM POC This Month

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-3692 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3728 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Simple Hotel Booking System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3730 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Pytorch AI / ML
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-32783 MEDIUM POC This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-24907 MEDIUM This Month

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-24908 MEDIUM This Month

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-30100 MEDIUM This Month

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Alienware Command Center
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-39538 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server.3.9.3. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-39565 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection.1.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-53304 MEDIUM This Month

An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-0101 MEDIUM This Month

A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy