Skip to main content
CVE-2025-4388 MEDIUM POC PATCH THREAT This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.1% and no vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
25.1%
CVE-2025-4332 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4314 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4361 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4309 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4308 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4307 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4306 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4304 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4303 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4313 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4312 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Web Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4363 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0.php?action=end_membership. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4362 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4360 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4359 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4358 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4311 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4301 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4300 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Content Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4331 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student Clearance System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4357 MEDIUM POC This Month

A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Rx3 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.0%
CVE-2025-4340 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware Dir 890L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.4%
CVE-2025-45250 MEDIUM POC This Month

MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mrdoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4329 MEDIUM POC This Month

A vulnerability was found in 74CMS up to 3.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal 74Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-4353 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Golden Link Secondary System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4352 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424.htm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Golden Link Secondary System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4327 MEDIUM POC This Month

A vulnerability was found in MRCMS 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mrcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4310 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Content Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4328 MEDIUM POC This Month

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-4325 MEDIUM POC This Month

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2025-4326 MEDIUM POC This Month

A vulnerability was found in MRCMS 3.1.2 and classified as problematic.do of the component Add Fragment Page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4324 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4323 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-49829 MEDIUM PATCH This Month

Memory corruption can occur during context user dumps due to inadequate checks on buffer length. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware Snapdragon 429 Mobile Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-45568 MEDIUM PATCH This Month

Memory corruption due to improper bounds check while command handling in camera-kernel driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware Snapdragon 429 Mobile Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-45581 MEDIUM PATCH This Month

Memory corruption while sound model registration for voice activation with audio kernel driver. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mdm9628 Firmware Qam8295p Firmware Qca6564a Firmware +27
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-49830 MEDIUM PATCH This Month

Memory corruption while processing an IOCTL call to set mixer controls. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qca6574au Firmware Qca6595au Firmware Qca6678aq Firmware Qca6688aq Firmware +8
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45583 MEDIUM PATCH This Month

Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Snapdragon 8 Gen 3 Mobile Firmware +5
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45570 MEDIUM PATCH This Month

Memory corruption may occur during IO configuration processing when the IO port count is invalid. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +54
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45563 MEDIUM PATCH This Month

Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sdm429w Firmware +11
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45562 MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +76
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-26262 MEDIUM This Month

An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-44900 MEDIUM This Month

In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow Rx3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-4374 MEDIUM This Month

A flaw was found in Quay. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Quay Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-37730 MEDIUM This Month

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3782 MEDIUM This Month

The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46590 MEDIUM This Month

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-39442 MEDIUM This Month

In sprd ssense service, there is a possible missing permission check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-46591 MEDIUM This Month

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy