Skip to main content
CVE-2025-28017 MEDIUM POC This Month

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware TOTOLINK
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2024-47829 MEDIUM POC PATCH This Month

pnpm is a package manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pnpm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46398 MEDIUM POC PATCH This Month

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46400 MEDIUM POC PATCH This Month

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46399 MEDIUM POC PATCH This Month

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-42604 MEDIUM This Month

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-2703 MEDIUM PATCH This Month

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-2763 MEDIUM This Month

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack RCE Autokit
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-1521 MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-0618 MEDIUM This Month

A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-1522 MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-2770 MEDIUM This Month

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2772 MEDIUM This Month

BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Router Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1054 MEDIUM This Month

The UiCore Elements - Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-22351 MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-1056 MEDIUM This Month

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Camera Station Pro
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3902 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).0.0 before 4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Block Class Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3901 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).0.0 before 1.13.0, from 3.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bootstrap Site Alert Drupal Bootstrap
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-3900 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).0.0 before 2.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Colorbox Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-29526 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-0926 MEDIUM This Month

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Camera Station Pro
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-43716 MEDIUM This Month

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Authentication Bypass Ivanti
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-10306 MEDIUM PATCH This Month

A vulnerability was found in mod_proxy_cluster. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2771 MEDIUM This Month

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2025-2595 MEDIUM CISA This Month

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-25045 MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3907 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.0.0 before 4.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Search Api Solr Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy