Skip to main content
CVE-2024-51099 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48704 MEDIUM POC This Month

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-5114 MEDIUM POC This Month

A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Zentao
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-51360 CRITICAL POC Act Now

An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2024-51108 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-51107 MEDIUM POC Monitor

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-51101 CRITICAL POC Act Now

PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-48702 MEDIUM POC This Month

PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Old Age Home Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5112 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5111 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5110 MEDIUM POC This Week

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3580 MEDIUM PATCH This Month

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5109 MEDIUM POC This Week

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5108 MEDIUM This Month

A vulnerability was found in zongzhige ShopXO 6.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload Shopxo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5107 MEDIUM POC This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fujian Kelixun
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-41380 MEDIUM This Month

Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-41379 MEDIUM This Month

The Intellian C700 web panel allows you to add firewall rules. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-1123 HIGH This Month

The Solid Mail - SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-9163 LOW Monitor

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-7803 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-5106 MEDIUM This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2025-5105 MEDIUM POC This Week

A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3894 MEDIUM Monitor

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-3893 HIGH This Month

While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-36527 HIGH This Month

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2025-4379 MEDIUM This Month

DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-13945 HIGH This Month

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
8.4
EPSS
0.5%
CVE-2025-5096 MEDIUM PATCH This Month

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-47149 MEDIUM This Month

The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48695 MEDIUM This Month

An issue was discovered in CyberDAVA before 1.1.20. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4594 MEDIUM PATCH This Month

The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tournamatch PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-48708 MEDIUM PATCH Monitor

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-48701 MEDIUM This Month

openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4692 MEDIUM This Month

Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.9
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy