Skip to main content
CVE-2025-48128 MEDIUM This Month

Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels.7.55. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-48079 MEDIUM This Month

Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.9.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47534 MEDIUM This Month

Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels.25.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-39511 MEDIUM This Month

Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels.18.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32295 MEDIUM This Month

Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels.10.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-31063 MEDIUM This Month

Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-47791 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-48115 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31921 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery.055. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31639 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31068 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-39482 MEDIUM This Month

Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels.11.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-4813 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4805 MEDIUM Monitor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.6%
CVE-2025-4804 MEDIUM Monitor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.6%
CVE-2025-32407 MEDIUM POC This Month

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Internet
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-4808 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4807 MEDIUM POC This Week

A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Student Clearance System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.6%
CVE-2025-4806 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4795 MEDIUM POC This Month

A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4794 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4793 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4792 MEDIUM POC This Week

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4787 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4786 MEDIUM POC This Month

A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47793 MEDIUM PATCH Monitor

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Group Folders Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-4778 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47790 MEDIUM This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

PHP Authentication Bypass Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-32962 MEDIUM PATCH Monitor

Flask-AppBuilder is an application development framework built on top of Flask. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Python Open Redirect Flask Appbuilder
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4777 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4773 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2306 MEDIUM This Month

An Improper Access Control vulnerability was identified in the file download functionality. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-40120 MEDIUM POC PATCH This Week

seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Seaweedfs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4772 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4771 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4770 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4768 MEDIUM This Month

A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4767 MEDIUM Monitor

A vulnerability was found in defog-ai introspect up to 0.1.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4766 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Zoo Management System 2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4765 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Zoo Management System 2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4761 MEDIUM This Month

A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4758 MEDIUM POC This Week

A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4757 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4756 MEDIUM POC This Week

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2025-4755 MEDIUM POC This Week

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4753 MEDIUM POC This Week

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3624 MEDIUM Monitor

Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).0.0-00 before 11.0.4-00. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-1531 MEDIUM This Month

Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.0.0-00 before 11.0.4-00. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-8201 MEDIUM This Month

Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4752 MEDIUM POC This Week

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy