Skip to main content
CVE-2025-4576 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54793 MEDIUM POC PATCH This Month

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Astro
NVD GitHub
CVSS 4.0
5.5
EPSS
2.2%
CVE-2025-8742 MEDIUM POC This Month

A vulnerability was found in macrozheng mall 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mall
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-8738 MEDIUM This Month

A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-50928 MEDIUM POC Monitor

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Easy Hosting Control Panel
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-50927 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Hosting Control Panel
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-50468 MEDIUM POC This Week

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50467 MEDIUM This Month

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Openmetadata
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-47872 MEDIUM This Month

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-36023 MEDIUM This Month

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8749 MEDIUM This Month

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6572 MEDIUM This Month

The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54959 MEDIUM This Month

Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-54958 MEDIUM This Month

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-54940 MEDIUM Monitor

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE Code Injection PHP
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2024-58257 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-58256 MEDIUM Monitor

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2024-58255 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-54368 MEDIUM PATCH This Month

uv is a Python package and project manager written in Rust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy