Skip to main content
CVE-2025-4079 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-46338 MEDIUM POC PATCH This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Audiobookshelf
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4074 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4073 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4071 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4070 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4058 MEDIUM POC This Month

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4060 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46347 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Yeswiki
NVD GitHub
CVSS 4.0
5.8
EPSS
4.0%
CVE-2025-1194 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46346 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-4078 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-4076 MEDIUM POC This Month

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4072 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4080 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4077 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects School Billing System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow School Billing System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4068 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Simple Movie Ticket Booking System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4059 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Prison Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4063 MEDIUM POC This Month

A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Student Information Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4062 MEDIUM POC This Month

A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Theater Seat Booking System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4061 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clothing Store Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-46549 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-46550 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-4066 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4065 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4067 MEDIUM This Month

A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4064 MEDIUM This Month

A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Online Traveling System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4092 MEDIUM PATCH This Month

Memory safety bugs present in Firefox 137 and Thunderbird 137. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-4086 MEDIUM PATCH This Month

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24251 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-31203 MEDIUM This Month

An integer overflow was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Apple
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30445 MEDIUM This Month

A type confusion issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4088 MEDIUM PATCH This Month

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2893 MEDIUM PATCH This Month

The Gutenverse - Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gutenverse PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46552 MEDIUM This Month

KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-1551 MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-4082 MEDIUM PATCH This Month

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla Apple
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-4084 MEDIUM PATCH This Month

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Mozilla
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-24179 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-31197 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-24270 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-23179 MEDIUM This Month

CWE-798: Use of Hard-coded Credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31202 MEDIUM This Month

A null pointer dereference was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Null Pointer Dereference Denial Of Service Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-58099 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24271 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-3910 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Build Of Keycloak Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4090 MEDIUM PATCH This Month

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4075 MEDIUM This Month

A vulnerability was found in VMSMan up to 20250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3929 MEDIUM This Month

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Server
NVD
CVSS 4.0
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy