Skip to main content
CVE-2025-5245 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5244 MEDIUM POC PATCH This Month

A vulnerability was found in GNU Binutils up to 2.44. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5271 MEDIUM PATCH This Month

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3704 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.5.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-5267 MEDIUM PATCH This Month

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47090 MEDIUM This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagvis
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5264 MEDIUM PATCH This Month

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5265 MEDIUM PATCH This Month

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5278 MEDIUM PATCH This Month

A flaw was found in GNU Coreutils. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Stack Overflow
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-5266 MEDIUM PATCH This Month

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-5263 MEDIUM PATCH This Month

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2796 MEDIUM This Month

On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-45094 MEDIUM This Month

IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console R10 0 Firmware Hardware Management Console R9 4 Firmware Hardware Management Console R9 3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-11185 MEDIUM This Month

On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-40911 MEDIUM PATCH This Month

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-5283 MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +2
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-5281 MEDIUM PATCH This Month

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5198 MEDIUM This Month

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes XSS Advanced Cluster Security Stackrox Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-5067 MEDIUM PATCH This Month

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5066 MEDIUM PATCH This Month

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5065 MEDIUM PATCH This Month

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5064 MEDIUM PATCH This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-46173 MEDIUM POC This Month

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Exam Mastering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13966 MEDIUM This Month

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-5252 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-45475 MEDIUM POC This Month

maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49197 MEDIUM This Month

An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Samsung Exynos 980 Firmware Exynos 850 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-5251 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5250 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5249 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-23247 MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-22377 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 1080 Firmware Exynos 1280 Firmware +16
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5248 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27701 MEDIUM This Month

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56193 MEDIUM This Month

There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-5247 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1.go. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5246 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4412 MEDIUM Monitor

On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-23393 MEDIUM PATCH This Month

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Suse
NVD
CVSS 4.0
5.6
EPSS
0.3%
CVE-2024-38866 MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nagvis
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5232 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5231 MEDIUM POC This Week

A vulnerability classified as critical was found in PHPGurukul Company Visitor Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48054 MEDIUM PATCH This Month

Radashi is a TypeScript utility toolkit. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service Red Hat
NVD GitHub
CVSS 4.0
6.8
EPSS
2.9%
CVE-2025-5230 MEDIUM POC This Week

A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5229 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5227 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Small Crm
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48742 MEDIUM This Month

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Authentication Bypass Pmb
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2025-5226 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Small Crm
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-5225 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5224 MEDIUM POC This Week

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy