Skip to main content
CVE-2025-3800 MEDIUM POC This Month

A vulnerability has been found in WCMS 11 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3799 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WCMS 11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3819 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3816 MEDIUM POC This Month

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.9%
CVE-2025-3807 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3808 MEDIUM POC This Month

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3817 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0.php?f=delete_stock. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3798 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in WCMS 11.php of the component Advertisement Image Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Wcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-3797 MEDIUM POC This Month

A vulnerability classified as critical was found in SeaCMS up to 13.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3801 MEDIUM POC PATCH This Month

A vulnerability was found in songquanpeng one-api up to 0.6.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-1457 MEDIUM This Month

The Element Pack Addons for Elementor - Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3661 MEDIUM This Month

The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3275 MEDIUM This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-43918 MEDIUM This Month

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-3818 MEDIUM This Month

A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3806 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3805 MEDIUM This Month

A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3804 MEDIUM This Month

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3284 MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy