Skip to main content
CVE-2018-25110 MEDIUM POC PATCH This Month

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Marked
NVD GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2025-41378 MEDIUM This Month

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-46527 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-48275 MEDIUM This Month

Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-48271 MEDIUM This Month

Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-47529 MEDIUM This Month

Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-47619 MEDIUM This Month

Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal.19.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-46518 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46493 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-31807 MEDIUM This Month

A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Sipass Integrated Ac5102 Acc G2 Firmware Sipass Integrated Acc Ap Firmware
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-47513 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-46486 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal.1.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-2394 MEDIUM This Month

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Authentication Bypass Android +1
NVD
CVSS 4.0
4.7
EPSS
0.1%
CVE-2025-5119 MEDIUM POC This Week

A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emlog
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48741 MEDIUM This Month

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.8
EPSS
0.2%
CVE-2025-48740 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 4.0
5.9
EPSS
0.2%
CVE-2025-48739 MEDIUM Monitor

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
4.6
EPSS
0.7%
CVE-2025-48738 MEDIUM This Month

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-48735 MEDIUM Monitor

A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-46176 MEDIUM This Month

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware Dir 816L Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-44998 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tiny File Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-51102 MEDIUM POC Monitor

PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Management System
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-48378 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-48377 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-48375 MEDIUM POC This Week

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.4%
CVE-2025-32967 MEDIUM POC This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-51103 MEDIUM POC This Week

PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-51099 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48704 MEDIUM POC This Month

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-5114 MEDIUM POC This Month

A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Zentao
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-51108 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-51107 MEDIUM POC Monitor

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-48702 MEDIUM POC This Month

PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Old Age Home Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5112 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5111 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5110 MEDIUM POC This Week

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3580 MEDIUM PATCH This Month

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5109 MEDIUM POC This Week

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5108 MEDIUM This Month

A vulnerability was found in zongzhige ShopXO 6.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload Shopxo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5107 MEDIUM POC This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fujian Kelixun
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-41380 MEDIUM This Month

Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-41379 MEDIUM This Month

The Intellian C700 web panel allows you to add firewall rules. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-7803 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-5106 MEDIUM This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2025-5105 MEDIUM POC This Week

A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3894 MEDIUM Monitor

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-4379 MEDIUM This Month

DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-5096 MEDIUM PATCH This Month

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-47149 MEDIUM This Month

The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48695 MEDIUM This Month

An issue was discovered in CyberDAVA before 1.1.20. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy