Skip to main content
CVE-2025-20296 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2025-20295 MEDIUM This Month

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20294 MEDIUM This Month

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20292 MEDIUM Monitor

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-20290 MEDIUM This Month

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20262 MEDIUM This Month

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Cisco
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2025-54598 MEDIUM POC This Week

The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bevy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50984 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Elastic SQLi Diskover
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-50978 MEDIUM POC This Month

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitblit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-50986 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Diskover
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-50985 MEDIUM POC This Month

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Diskover
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-56694 MEDIUM POC This Month

Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fotoshare Cloud
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-30061 MEDIUM This Month

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30060 MEDIUM This Month

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30059 MEDIUM This Month

In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30058 MEDIUM This Month

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30048 MEDIUM This Month

The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-9514 MEDIUM This Month

A vulnerability has been found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Mall
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-9513 MEDIUM This Month

A flaw has been found in editso fuso up to 1.0.4-beta.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-7732 MEDIUM This Month

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8490 MEDIUM Monitor

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy