Skip to main content
CVE-2025-54389 MEDIUM POC PATCH This Month

AIDE is an advanced intrusion detection environment. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Advanced Intrusion Detection Environment Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-8935 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8932 MEDIUM POC This Month

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8948 MEDIUM POC This Month

A vulnerability was determined in projectworlds Visitor Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8946 MEDIUM POC This Month

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8955 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8954 MEDIUM POC This Month

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8951 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8950 MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Recruitment Management System 1.0.php?page=view_vacancy. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8988 MEDIUM POC This Month

A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8987 MEDIUM POC This Month

A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8986 MEDIUM POC This Month

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8985 MEDIUM POC This Month

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8984 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8983 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8982 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8981 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8973 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8972 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8970 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8969 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8968 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8967 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8966 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8953 MEDIUM POC This Month

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8971 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8936 MEDIUM POC This Month

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-38738 MEDIUM This Month

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Supportassist For Home Pcs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-50861 MEDIUM This Month

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Google
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-43687 MEDIUM This Month

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-43683 MEDIUM This Month

An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50029 MEDIUM This Month

Missing Authorization vulnerability in Ashish AI Tools allows Exploiting Incorrectly Configured Access Control Security Levels.0.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54685 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-39483 MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection.9.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50031 MEDIUM This Month

Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-30993 MEDIUM This Month

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce - Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels.1.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-28962 MEDIUM This Month

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52721 MEDIUM This Month

Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55712 MEDIUM This Month

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.3.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55714 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.7.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55711 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS.0.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55709 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54749 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS.2.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54747 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54746 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS.0.02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54740 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS.27.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54708 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54054 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS.18.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53582 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS.54.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53342 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy