Skip to main content
CVE-2025-57639 MEDIUM POC This Month

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
4.2%
CVE-2025-54081 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 6.7). Public exploit code available.

Microsoft Information Disclosure Sunshine Windows
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-29083 MEDIUM POC This Month

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE SQLi Csz Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58674 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-10831 MEDIUM POC This Month

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10843 MEDIUM POC This Month

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10833 MEDIUM POC This Month

A vulnerability was determined in 1000projects Bookstore Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10857 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10851 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10842 MEDIUM POC This Month

A vulnerability was detected in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10841 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10836 MEDIUM POC This Month

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10834 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10832 MEDIUM POC This Month

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10830 MEDIUM POC This Month

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-10829 MEDIUM POC This Month

A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-58246 MEDIUM POC This Month

Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9342 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-58915 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8902 MEDIUM This Month

The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'do_sidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-56304 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yzmcms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-8410 MEDIUM This Month

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.5.0 before 7.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Connext Professional
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-39872 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4582 MEDIUM This Month

Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-58069 MEDIUM This Month

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-54855 MEDIUM Monitor

Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2024-21935 MEDIUM This Month

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-21927 MEDIUM This Month

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-58354 MEDIUM This Month

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-56311 MEDIUM This Month

In Shenzhen C-Data Technology Co. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service CSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59825 MEDIUM PATCH This Month

astral-tokio-tar is a tar archive reading/writing library for async Rust. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Red Hat
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2025-57636 MEDIUM POC This Week

OS Command injection vulnerability in D-Link C1 2020-02-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Di 7100G Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2025-59822 MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Request Smuggling Http4S
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-56146 MEDIUM This Month

Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-45326 MEDIUM POC PATCH This Week

An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Pocketvj Control Panel Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59821 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59548 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-59547 MEDIUM This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Dotnetnuke
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59539 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Dotnetnuke
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-29084 MEDIUM POC This Week

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi Csz Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0209 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-0663 MEDIUM This Month

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Identity Server Identity Server As Key Manager Open Banking Iam
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-6429 MEDIUM PATCH Monitor

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Api Manager Identity Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5717 MEDIUM This Month

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Java Api Control Plane Api Manager +2
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-57407 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gp247
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-4760 MEDIUM PATCH Monitor

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Control Plane Api Manager Traffic Manager Universal Gateway
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-4598 MEDIUM This Month

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Micro Integrator
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7106 MEDIUM PATCH This Month

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10548 MEDIUM This Month

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-39887 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy