Skip to main content
CVE-2025-4112 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4108 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46560 MEDIUM POC PATCH This Month

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-45015 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Park Ticketing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-32970 MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-45019 MEDIUM POC This Month

A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-45011 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45010 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45009 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-4113 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4111 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4110 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4109 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-45021 MEDIUM POC This Month

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Directory Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46554 MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3471 MEDIUM POC This Month

The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sureforms PHP
NVD WPScan
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-45007 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Time Table Generator System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-4119 MEDIUM This Month

A vulnerability classified as critical was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mall
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4118 MEDIUM This Month

A vulnerability classified as critical has been found in Weitong Mall 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mall
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-24341 MEDIUM This Month

A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30145 MEDIUM This Month

Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3599 MEDIUM This Month

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Symantec Eraser Engine Windows
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2890 MEDIUM This Month

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27532 MEDIUM This Month

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24347 MEDIUM This Month

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30422 MEDIUM This Month

A buffer overflow was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24340 MEDIUM This Month

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-24132 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-24345 MEDIUM This Month

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-24887 MEDIUM PATCH This Month

OpenCTI is an open-source cyber threat intelligence platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-30115 MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-24344 MEDIUM This Month

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-3859 MEDIUM This Month

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46331 MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2025-4121 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-4122 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-24091 MEDIUM This Month

An app could impersonate system notifications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-4135 MEDIUM This Month

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2025-24343 MEDIUM This Month

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-3953 MEDIUM This Month

The WP Statistics - The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24348 MEDIUM This Month

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-45721 MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4136 MEDIUM This Month

A vulnerability was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-24342 MEDIUM This Month

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9877 MEDIUM This Month

: Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-4117 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-24339 MEDIUM This Month

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-6029 MEDIUM This Month

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Model S Firmware
NVD
CVSS 3.0
5.0
EPSS
0.1%
CVE-2025-32376 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Discourse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2022-42449 MEDIUM This Month

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Domino Leap
NVD
CVSS 3.1
4.6
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy