Skip to main content
CVE-2025-44108 MEDIUM POC PATCH Monitor

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2025-28371 MEDIUM POC This Week

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enh500 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4878 Awaiting Data

Rejected reason: Unused CVE record, incorrectly reserved. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4933 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4932 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4931 MEDIUM POC This Week

A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4930 MEDIUM This Month

A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2099 HIGH POC PATCH This Month

A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-4929 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4928 MEDIUM POC This Week

A vulnerability was found in projectworlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4927 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Marriage Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4926 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Car Rental Portal
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-4925 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4924 MEDIUM This Month

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-41429 LOW Monitor

a-blog cms multiple versions neutralize logs improperly. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Blog Cms
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-36560 CRITICAL This Week

Server-side request forgery vulnerability exists in a-blog cms multiple versions. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF A Blog Cms
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2025-32999 MEDIUM Monitor

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-27566 MEDIUM This Month

Path traversal vulnerability exists in a-blog cms versions prior to Ver. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal A Blog Cms
NVD
CVSS 4.0
5.1
EPSS
0.5%
CVE-2025-4923 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4917 MEDIUM POC This Week

A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auto Taxi Stand Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-37891 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4916 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auto Taxi Stand Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4915 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auto Taxi Stand Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4914 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auto Taxi Stand Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4913 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auto Taxi Stand Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-1626 MEDIUM POC This Month

The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qi Blocks PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4912 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-4911 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-2892 MEDIUM PATCH This Month

The All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Canonical All In One Seo PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-4910 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4909 MEDIUM POC This Week

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Client Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4908 MEDIUM POC This Week

A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4907 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4906 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Notice Board System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4905 MEDIUM POC Monitor

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic.py. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Basestation
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-23167 MEDIUM PATCH This Month

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Node.js Red Hat Suse
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-23166 HIGH PATCH This Month

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Red Hat Suse
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2025-23165 LOW Monitor

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Denial Of Service
NVD
CVSS 3.0
3.7
EPSS
0.4%
CVE-2025-23164 MEDIUM Monitor

A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ubiquiti
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2025-23122 Awaiting Data

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4904 MEDIUM POC This Week

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4903 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.7%
CVE-2025-4902 MEDIUM POC This Week

A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4901 MEDIUM POC This Month

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy