Skip to main content
CVE-2013-10063 MEDIUM POC THREAT This Month

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%.

Netgear Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
47.8%
Threat
4.3
CVE-2013-10062 MEDIUM POC THREAT This Month

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Linksys Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
42.7%
Threat
4.2
CVE-2025-51501 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-51502 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-8435 MEDIUM POC This Month

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8434 MEDIUM POC This Month

A vulnerability was found in code-projects Online Movie Streaming 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8436 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8443 MEDIUM POC This Month

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8442 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8441 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8439 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8438 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8437 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8431 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-48074 MEDIUM POC PATCH This Month

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openexr Red Hat Suse
NVD GitHub
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-6037 MEDIUM PATCH This Month

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-6014 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7845 MEDIUM This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-45778 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS The Language Sloth
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-19145 MEDIUM This Month

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-6015 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-6004 MEDIUM PATCH This Month

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-41376 MEDIUM This Month

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Code Injection Limesurvey
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54132 MEDIUM Monitor

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Cursor
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54131 MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-8474 MEDIUM This Month

Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Stack Overflow RCE Ilx 507 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-8473 MEDIUM This Month

Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ilx 507 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54590 MEDIUM PATCH This Month

webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-53012 MEDIUM POC PATCH This Month

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Materialx
NVD GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-53009 MEDIUM POC PATCH This Month

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Stack Overflow Materialx
NVD GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-50869 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-50868 MEDIUM This Month

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-49832 MEDIUM POC This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-33118 MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-46018 MEDIUM This Month

CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pay Mobile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6228 MEDIUM This Month

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-4684 MEDIUM This Month

The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites - Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6398 MEDIUM This Month

A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-7646 MEDIUM This Month

The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5921 MEDIUM This Month

The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS Sureforms PHP
NVD WPScan
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-54939 MEDIUM POC This Month

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Litespeed Web Adc Litespeed Web Server Lsquic Openlitespeed
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-31716 MEDIUM This Month

In bootloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-4523 MEDIUM PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass WordPress Information Disclosure Idonate PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53399 MEDIUM This Month

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy