Skip to main content
CVE-2025-48204 MEDIUM PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 allows command injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2025-48203 MEDIUM PATCH This Month

The cs_seo extension through 9.2.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-48202 MEDIUM PATCH This Month

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-5029 MEDIUM This Month

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-23337 MEDIUM POC PATCH Monitor

jq is a command-line JSON processor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Jq Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-44895 MEDIUM POC This Week

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-44892 MEDIUM POC This Week

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Wgs 804Hpt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42922 MEDIUM POC This Week

AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aapanel
NVD GitHub
CVSS 3.1
6.5
EPSS
6.1%
CVE-2025-1418 MEDIUM This Month

A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1417 MEDIUM Monitor

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-4611 MEDIUM This Month

The Slim SEO - Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-3750 MEDIUM This Month

The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-27804 MEDIUM This Month

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-27803 MEDIUM This Month

The devices do not implement any authentication for the web interface or the MQTT server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1415 MEDIUM This Month

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like their UUIDs needed for. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-4949 MEDIUM POC PATCH This Week

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XXE Information Disclosure Denial Of Service Jgit Red Hat +1
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2025-5011 MEDIUM POC Monitor

A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hexo Boot
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2025-5010 MEDIUM POC Monitor

A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hexo Boot
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy