Skip to main content
CVE-2025-9426 MEDIUM POC This Month

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9425 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9423 MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Water Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9421 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9420 MEDIUM POC This Month

A flaw has been found in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9419 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9418 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-57804 MEDIUM PATCH This Month

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-55301 MEDIUM This Month

The Scratch Channel is a news website. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-56215 MEDIUM This Month

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-39923 MEDIUM This Month

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mahara
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57814 MEDIUM PATCH This Month

request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-48303 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-52130 MEDIUM This Month

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57811 MEDIUM PATCH This Month

Craft is a platform for creating digital experiences. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Ssti Craft Cms
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-55574 MEDIUM This Month

Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Docmost
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-44179 MEDIUM This Month

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-44178 MEDIUM This Month

DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-29525 MEDIUM This Month

DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-29524 MEDIUM This Month

Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-29522 MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-29521 MEDIUM POC This Month

Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-29520 MEDIUM POC This Month

Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-29519 MEDIUM POC This Month

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-46413 MEDIUM POC This Month

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Rebuild
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-46412 MEDIUM This Month

Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29517 MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-8562 MEDIUM This Month

The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8997 MEDIUM This Month

An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-5514 MEDIUM This Month

Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-9405 MEDIUM POC PATCH This Month

A security flaw has been discovered in Open5GS up to 2.7.5. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-9398 MEDIUM POC This Month

A security vulnerability has been detected in YiFang CMS up to 2.0.5. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Yifang
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy