Skip to main content
CVE-2025-3828 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical.php?viewid=11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3827 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3829 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2020-36844 MEDIUM POC This Month

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Awareness Training
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-43928 MEDIUM POC This Month

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pmrs 102 Firmware
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-43919 MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mailman Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-43920 MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Mailman Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2025-43921 MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mailman Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-3830 MEDIUM POC This Month

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Kuangsimplebbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2020-36845 MEDIUM POC This Month

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Security Awareness Training
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3823 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-3822 MEDIUM POC This Month

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3821 MEDIUM POC This Month

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3826 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3825 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3824 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-43929 MEDIUM POC PATCH This Month

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. Public exploit code available.

Information Disclosure Kitty Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-43955 LOW POC Monitor

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Rated low severity (CVSS 2.2). Public exploit code available and no vendor patch available.

Information Disclosure Convertigo
NVD GitHub
CVSS 3.1
2.2
EPSS
0.1%
CVE-2025-43954 MEDIUM PATCH This Month

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qmarkdown
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy