Skip to main content
CVE-2025-4791 MEDIUM POC This Month

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4790 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4789 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4788 MEDIUM POC This Month

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4785 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4812 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4811 MEDIUM POC This Month

A vulnerability was found in CodeAstro Pharmacy Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2022-4363 MEDIUM POC This Month

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wholesale Market Wholesale Market For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4734 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-40907 MEDIUM POC PATCH This Month

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Fcgi Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-4781 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4782 MEDIUM POC This Month

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40630 MEDIUM POC This Month

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Mail Server Firefox
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2025-4478 MEDIUM PATCH This Month

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freerdp Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-48127 MEDIUM This Month

Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32245 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Apollo allows SQL Injection.6.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32180 MEDIUM This Month

Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48131 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48121 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48113 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS.51.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48080 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS.7.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47557 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG allows Stored XSS.5.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46464 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro Plugin allows Stored XSS.88. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48135 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48132 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39509 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4679 MEDIUM This Month

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Synology Active Backup For Microsoft 365
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-47556 MEDIUM This Month

Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-31923 MEDIUM This Month

Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-31915 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-48116 MEDIUM This Month

Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-47564 MEDIUM This Month

Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs.9.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-48117 MEDIUM This Month

Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-47563 MEDIUM This Month

Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs.3.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-32296 MEDIUM This Month

Missing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-31630 MEDIUM This Month

Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-31071 MEDIUM This Month

Missing Authorization vulnerability in themeton HotStar - Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-31066 MEDIUM This Month

Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-31065 MEDIUM This Month

Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-48120 MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite allows Code Injection.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-48119 MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection.7.41. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-47562 MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection.5.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-4780 MEDIUM This Month

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-47560 MEDIUM This Month

Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels.6.13. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-47792 MEDIUM PATCH This Month

Nextcloud Desktop is the desktop sync client for Nextcloud. Rated medium severity (CVSS 5.0).

Authentication Bypass Desktop Nextcloud
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-4476 MEDIUM PATCH This Month

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-48138 MEDIUM This Month

Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels.12.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-32299 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data.0.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-31062 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-39493 MEDIUM This Month

Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy