Skip to main content
CVE-2025-4751 MEDIUM POC This Week

A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4750 MEDIUM POC This Week

A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125).data of the component Configuration Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3516 MEDIUM POC This Month

The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Lightbox PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-3201 MEDIUM POC This Month

The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kali Forms PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-1245 MEDIUM This Month

Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4759 MEDIUM POC PATCH This Month

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Lockfile Lint Api
NVD GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-4747 MEDIUM This Month

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4746 MEDIUM POC This Week

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-48175 MEDIUM POC PATCH Monitor

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. Public exploit code available.

Integer Overflow Buffer Overflow Libavif Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.3%
CVE-2025-48174 MEDIUM PATCH Monitor

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow Libavif Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.4%
CVE-2025-4745 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4744 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4743 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4742 MEDIUM Monitor

A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4741 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4740 MEDIUM Monitor

A vulnerability was found in BeamCtrl Airiana up to 11.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4739 MEDIUM POC This Week

A vulnerability was found in projectworlds Hospital Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4169 MEDIUM This Month

The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4736 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4735 MEDIUM POC This Month

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-51475 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4729 MEDIUM This Month

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.4%
CVE-2025-47930 MEDIUM PATCH This Month

Zulip is an open-source team chat application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zulip
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy