Skip to main content
CVE-2023-3666 LOW POC Monitor

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Sticky Side Buttons
NVD WPScan
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-9841 LOW POC Monitor

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9847 LOW POC Monitor

A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9923 LOW POC Monitor

A flaw has been found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9922 LOW POC Monitor

A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9920 LOW POC Monitor

A security flaw has been discovered in Campcodes Recruitment Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-9845 LOW POC Monitor

A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9921 LOW POC Monitor

A weakness has been identified in code-projects POS Pharmacy System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7039 LOW CISA Monitor

A flaw was found in glib. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-58056 LOW POC PATCH Monitor

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Netty
NVD GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-41000 LOW Monitor

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9821 LOW PATCH Monitor

SummaryUsers with webhook permissions can conduct SSRF via webhooks. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-58272 LOW Monitor

Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy