Skip to main content
CVE-2025-3762 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-29456 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29453 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29455 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29454 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29450 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29449 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28101 MEDIUM POC This Month

{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flaskblog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29722 MEDIUM POC This Month

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Commercify
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-29015 MEDIUM POC This Month

Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40124 MEDIUM POC PATCH This Month

Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pydio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3765 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3764 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3763 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Phone Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-31338 MEDIUM This Month

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-43013 MEDIUM This Month

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-27283 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-24577 MEDIUM This Month

Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-39554 MEDIUM This Month

Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24583 MEDIUM This Month

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels.16.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24581 MEDIUM This Month

Missing Authorization vulnerability in Themefic Instantio allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-23958 MEDIUM This Month

Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-23906 MEDIUM This Month

Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-23773 MEDIUM This Month

Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-27310 MEDIUM This Month

Missing Authorization vulnerability in Radius of Thought Page and Post Lister allows Exploiting Incorrectly Configured Access Control Security Levels.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24737 MEDIUM This Month

Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium allows Accessing Functionality Not Properly Constrained by ACLs.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-39559 MEDIUM This Month

Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.11.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24550 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22771 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22340 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash allows Stored XSS.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3615 MEDIUM This Month

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3487 MEDIUM PATCH This Month

The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Forminator Forms PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-29931 MEDIUM This Month

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Telecontrol Server Basic
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-29316 MEDIUM This Month

An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-43014 MEDIUM This Month

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-24651 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data.5.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-39562 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS.1.72. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-39444 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS.8.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-39428 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders allows Stored XSS.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-39427 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced allows Stored XSS.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-39580 MEDIUM This Month

Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs.1.8. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2020-36789 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-43717 MEDIUM PATCH This Month

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-31339 MEDIUM This Month

An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-39456 MEDIUM This Month

Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27299 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-39439 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data.2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-39457 MEDIUM This Month

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels.2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3453 MEDIUM This Month

The Password Protected - Password Protect your WordPress Site, Pages, & WooCommerce Products - Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3124 MEDIUM This Month

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy