Skip to main content
CVE-2025-28367 MEDIUM POC THREAT This Month

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 12.7%.

Authentication Bypass Path Traversal Mojoportal
NVD GitHub
CVSS 3.1
6.5
EPSS
12.7%
CVE-2024-42699 MEDIUM POC This Month

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Opencms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-28121 MEDIUM POC This Month

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Exam Mastering System
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-28102 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flaskblog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-41446 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3842 MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical.action of the file src/com/phn/action/FileUpload.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Ds Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3843 MEDIUM POC This Month

A vulnerability was found in panhainan DS-Java 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Ds Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3841 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jam
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-28099 MEDIUM POC This Month

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Opencms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-3845 MEDIUM This Month

A vulnerability was found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Webserver
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-3847 MEDIUM This Month

A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webserver
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3846 MEDIUM This Month

A vulnerability was found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webserver
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-43973 MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gobgp Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-43972 MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Gobgp Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-28103 MEDIUM This Month

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Flaskblog
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3837 MEDIUM This Month

An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
6.1
EPSS
0.4%
CVE-2025-3838 MEDIUM This Month

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-32955 MEDIUM This Month

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Red Hat
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-12543 MEDIUM This Month

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
5.9
EPSS
0.2%
CVE-2024-12863 MEDIUM This Month

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Windows
NVD
CVSS 4.0
5.6
EPSS
0.4%
CVE-2024-12862 MEDIUM This Month

Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.2-24.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-43970 MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Gobgp Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32793 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cilium Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy