Skip to main content
CVE-2024-7097 MEDIUM POC THREAT This Month

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

Authentication Bypass Denial Of Service Api Manager Identity Server Identity Server As Key Manager +3
NVD
CVSS 3.1
4.3
EPSS
25.2%
CVE-2025-5356 MEDIUM POC This Month

A vulnerability was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-4429 MEDIUM POC This Month

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gearside Developer Dashboard PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-4598 MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-48484 MEDIUM POC This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freescout
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-47697 MEDIUM This Month

Client-side enforcement of server-side security issue exists in wivia 5 all versions. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wivia 5 Firmware
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-13916 MEDIUM This Month

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13915 MEDIUM This Month

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2503 MEDIUM This Month

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-48334 MEDIUM This Month

Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4597 MEDIUM This Month

The Woo Slider Pro - Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5259 MEDIUM This Month

The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-40909 MEDIUM PATCH This Month

Perl threads have a working directory race condition where file operations may target unintended paths. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-3230 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-4659 MEDIUM This Month

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-41406 MEDIUM This Month

Cross-site scripting vulnerability exists in wivia 5 all versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wivia 5 Firmware
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1479 MEDIUM This Month

An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4431 MEDIUM This Month

The Featured Image Plus - Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2571 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Google Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-5364 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5363 MEDIUM POC This Week

A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5362 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5361 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5360 MEDIUM POC This Week

A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5359 MEDIUM POC This Week

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48944 MEDIUM POC PATCH This Week

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-48943 MEDIUM PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48942 MEDIUM POC PATCH This Week

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48885 MEDIUM This Month

application-urlshortener create shortened URLs for XWiki pages. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-48883 MEDIUM PATCH This Month

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP XSS Chrome
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5358 MEDIUM POC This Week

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5357 MEDIUM POC This Week

A vulnerability was found in FreeFloat FTP Server 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-5054 MEDIUM POC Monitor

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Canonical Apport Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-48887 MEDIUM POC PATCH This Week

vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42191 MEDIUM This Month

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Traveler For Microsoft Outlook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-42190 MEDIUM This Month

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Traveler For Microsoft Outlook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23589 MEDIUM This Month

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs. Rated medium severity (CVSS 6.8). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-7096 MEDIUM PATCH Monitor

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Privilege Escalation Api Manager Identity Server Identity Server As Key Manager +3
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-1484 MEDIUM This Month

A vulnerability exists in the media upload component of the Asset Suite versions listed below. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-4944 MEDIUM This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5235 MEDIUM PATCH This Month

The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Opensheetmusicdisplay PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5142 MEDIUM PATCH This Month

The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Simple Page Access Restriction
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4635 MEDIUM This Month

A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.6
EPSS
1.3%
CVE-2025-4634 MEDIUM Monitor

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2025-4633 MEDIUM This Month

Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5236 MEDIUM PATCH This Month

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Chat For Telegram PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4943 MEDIUM PATCH This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Kit For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-48880 MEDIUM POC PATCH This Month

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Race Condition Freescout
NVD GitHub
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-48875 MEDIUM POC PATCH Monitor

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.

XSS Freescout
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2025-48489 MEDIUM POC Monitor

FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Freescout
NVD GitHub
CVSS 4.0
4.6
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy