Skip to main content
CVE-2025-46745 MEDIUM This Month

An authenticated user without user-management permissions could view other users account information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46743 MEDIUM This Month

An authenticated user's token could be used by another source after the user had logged out prior to the token expiring. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-46742 MEDIUM Monitor

Users who were required to change their password could still access system information before changing their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46741 MEDIUM This Month

A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred. Rated medium severity (CVSS 5.7). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-46738 MEDIUM This Month

An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code. Rated medium severity (CVSS 6.6). No vendor patch available.

RCE Deserialization
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2025-46611 MEDIUM This Month

Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ema
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-4560 MEDIUM This Month

The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3649 MEDIUM POC This Week

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Lightbox PHP
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-3597 MEDIUM POC This Month

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Firelight Lightbox PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-4554 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4553 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4552 MEDIUM POC This Month

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Continew Admin
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy