Skip to main content
CVE-2025-4255 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB Exploit-DB
CVSS 4.0
6.9
EPSS
4.4%
CVE-2025-4290 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4289 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4288 MEDIUM POC This Month

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4254 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-4270 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4269 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.cgi of the component Log Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4297 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4268 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4283 MEDIUM POC This Month

A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical.php?f=login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4266 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4265 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4264 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4263 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4262 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4271 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46730 MEDIUM POC PATCH This Month

MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Mobile Security Framework
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-47268 MEDIUM POC PATCH This Month

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-25504 MEDIUM POC This Month

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gefen Webfwc
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-26241 MEDIUM POC This Month

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Osticket
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-45618 MEDIUM POC This Month

Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeeweb Mybatis Springboot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-45240 MEDIUM POC This Month

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Foxcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29573 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mezzanine
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-45751 MEDIUM POC This Month

SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46719 MEDIUM POC PATCH GHSA This Month

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python RCE XSS Open Webui
NVD GitHub
CVSS 4.0
5.4
EPSS
0.2%
CVE-2025-45236 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbsyncer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46559 MEDIUM POC PATCH This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Misskey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4259 MEDIUM POC This Month

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Newbee Mall
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4291 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Ideacms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-45320 MEDIUM POC This Month

A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Service Management Portal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-45239 MEDIUM POC This Month

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Foxcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4260 MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4282 MEDIUM POC This Month

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-46571 MEDIUM POC PATCH GHSA This Month

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Open Webui
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4267 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4286 MEDIUM POC This Month

A vulnerability was found in Intelbras InControl up to 2.21.59. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Incontrol Web
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4257 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4256 MEDIUM POC This Month

A vulnerability classified as problematic was found in SeaCMS 13.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3583 MEDIUM POC This Month

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-4293 MEDIUM POC This Month

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4292 MEDIUM POC This Month

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-43915 MEDIUM PATCH This Month

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0-2.13.7, 2.14.0-2.14.10, 2.15.0-2.15.7, 2.16.0-2.16.4, and 2.17.0-2.17.1, resource exhaustion can occur. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buoyant Linkerd Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-39363 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Login And Registration
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-28168 MEDIUM This Month

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple File Upload
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46734 MEDIUM PATCH This Month

league/commonmark is a PHP Markdown parser. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-4051 MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-27921 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Output Messenger
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11615 MEDIUM This Month

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2025-46813 MEDIUM PATCH This Month

Discourse is an open-source community platform. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2025-20670 MEDIUM This Month

In Modem, there is a possible permission bypass due to improper certificate validation. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nr16 Nr17 Nr17r
NVD
CVSS 3.1
5.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy