Skip to main content
CVE-2024-53636 MEDIUM POC This Month

An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Student Information System
NVD GitHub
CVSS 3.1
6.4
EPSS
2.9%
CVE-2025-3954 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Churchcrm
NVD VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2025-46654 MEDIUM POC This Month

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Codimd
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-2811 MEDIUM This Month

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13812 MEDIUM This Month

The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-1458 MEDIUM PATCH This Month

The Element Pack Addons for Elementor - Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-46652 MEDIUM This Month

In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-2850 MEDIUM This Month

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-46655 MEDIUM This Month

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-46646 MEDIUM PATCH This Month

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Information Disclosure Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-3915 MEDIUM PATCH This Month

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Aeropage Sync For Airtable PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy