Skip to main content
CVE-2025-56807 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rise Ultimate Project Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-11140 MEDIUM POC This Month

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-43400 MEDIUM This Month

An out-of-bounds write issue was addressed with improved bounds checking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-57197 MEDIUM This Month

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-7698 MEDIUM This Month

Out-of-bounds read vulnerabilities exist in the print processing functionality of multiple Canon printer driver families, including Generic Plus PCL6, UFR II, LIPS4, LIPSLX, PS, PCL6, CARPS2, and related variants. These vulnerabilities allow remote attackers to read sensitive memory contents (information disclosure) and potentially cause application crashes, requiring user interaction (opening a malicious print job) to trigger. With an EPSS score of 0.05% and no evidence of active exploitation in the wild, this represents a low real-world risk despite moderate CVSS scoring.

Buffer Overflow Information Disclosure HP
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-9903 MEDIUM This Month

Out-of-bounds write vulnerabilities exist in the print processing functionality of multiple Canon printer drivers, including Generic Plus variants (PCL6, UFR II, LIPS4, LIPSLX, PS) and standalone drivers (UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, PCL6). An attacker can exploit these memory corruption flaws via a malicious print job to corrupt memory, potentially leading to code execution or denial of service. The EPSS score of 0.04% (13th percentile) suggests low exploitation probability in the wild, and no active KEV status has been reported, indicating this is not currently being exploited at scale.

Buffer Overflow HP Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-11135 MEDIUM This Month

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-9904 MEDIUM This Month

CVE-2025-9904 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10346 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10345 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10344 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-10343 MEDIUM This Month

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Perfex Crm
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-59948 MEDIUM POC PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-59941 MEDIUM PATCH This Month

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Authentication Bypass Go F3 Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-59940 MEDIUM PATCH This Month

mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43817 MEDIUM PATCH Monitor

Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43813 MEDIUM PATCH This Month

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4,. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-43812 MEDIUM PATCH Monitor

Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-59933 MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libvips Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-57769 MEDIUM POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation XSS Freshrss
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-43820 MEDIUM PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43818 MEDIUM PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-43815 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-43811 MEDIUM PATCH Monitor

Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-34232 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34230 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34229 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34220 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-56764 MEDIUM This Month

Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trivision Nc 227Wf Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-35034 MEDIUM This Month

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Health
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-35033 MEDIUM This Month

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Health
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-35032 MEDIUM This Month

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Enterprise Health
NVD
CVSS 4.0
6.2
EPSS
0.0%
CVE-2025-35031 MEDIUM Monitor

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Health
NVD
CVSS 4.0
4.6
EPSS
0.0%
CVE-2025-57879 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57878 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57877 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57876 MEDIUM PATCH Monitor

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57875 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57874 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57873 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-57872 MEDIUM PATCH This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57871 MEDIUM PATCH Monitor

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-36099 MEDIUM Monitor

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-61659 MEDIUM PATCH This Month

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-41245 MEDIUM Monitor

VMware Aria Operations contains an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-11155 MEDIUM This Month

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-36352 MEDIUM This Month

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS License Metric Tool
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-36351 MEDIUM Monitor

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM License Metric Tool
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-57428 MEDIUM This Month

Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11147 MEDIUM This Month

Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apt Cacher Ng
NVD
CVSS 4.0
5.1
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy