Skip to main content
CVE-2024-7097 MEDIUM POC THREAT This Month

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

Authentication Bypass Denial Of Service Api Manager Identity Server Identity Server As Key Manager +3
NVD
CVSS 3.1
4.3
EPSS
25.2%
CVE-2025-1763 HIGH POC This Week

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2025-5356 MEDIUM POC This Month

A vulnerability was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4429 MEDIUM POC This Month

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gearside Developer Dashboard PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-36846 CRITICAL PATCH Act Now

A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-48757 CRITICAL Act Now

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-44619 CRITICAL Act Now

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Lock Controller V1 Rf Firmware
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-48882 HIGH PATCH This Week

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-4433 HIGH This Week

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Devolutions Server
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-4992 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-4991 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-4990 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-4989 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-4988 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-4598 MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-48484 MEDIUM POC This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freescout
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-2501 HIGH This Week

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2502 HIGH This Week

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-13917 HIGH This Week

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-48331 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-26226 HIGH This Week

A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service Yandex Browser
NVD
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-41385 HIGH This Week

An OS Command Injection issue exists in wivia 5 all versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wivia 5 Firmware
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2025-47697 MEDIUM This Month

Client-side enforcement of server-side security issue exists in wivia 5 all versions. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wivia 5 Firmware
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-13916 MEDIUM This Month

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13915 MEDIUM This Month

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2503 MEDIUM This Month

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48334 MEDIUM This Month

Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4597 MEDIUM This Month

The Woo Slider Pro - Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5259 MEDIUM This Month

The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-40909 MEDIUM PATCH This Month

Perl threads have a working directory race condition where file operations may target unintended paths. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-3230 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-4659 MEDIUM This Month

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-41406 MEDIUM This Month

Cross-site scripting vulnerability exists in wivia 5 all versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wivia 5 Firmware
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1479 MEDIUM This Month

An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4431 MEDIUM This Month

The Featured Image Plus - Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2571 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-48946 LOW PATCH Monitor

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Liboqs
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-1792 LOW PATCH Monitor

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-5364 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5363 MEDIUM POC This Week

A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5362 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5361 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5360 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-48949 HIGH PATCH This Month

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Authentication Bypass Navidrome Suse
NVD GitHub
CVSS 4.0
8.9
EPSS
0.5%
CVE-2025-48948 HIGH POC PATCH This Month

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Navidrome Suse
NVD GitHub
CVSS 4.0
7.4
EPSS
0.2%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy