Skip to main content
CVE-2025-63293 MEDIUM POC This Month

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rise Ultimate Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12617 MEDIUM POC This Month

A flaw has been found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12608 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12606 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Loan Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12607 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-64294 MEDIUM This Month

Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.1.15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-47698 MEDIUM This Month

Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2025-36172 MEDIUM This Month

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11193 MEDIUM This Month

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-13998 MEDIUM This Month

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 4.0
6.0
EPSS
1.3%
CVE-2025-12657 MEDIUM This Month

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-63593 MEDIUM POC This Month

Grav CMS1.7.49.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-12642 MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Lighttpd
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-50363 MEDIUM POC This Month

Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maid Hiring Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63450 MEDIUM POC This Month

Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Car Booking System Php
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63449 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63448 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63447 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63446 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36093 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-36092 MEDIUM This Month

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36091 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-63443 MEDIUM POC This Month

School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System Php
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63442 MEDIUM POC Monitor

Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple User Management System
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-60892 MEDIUM This Month

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-45663 MEDIUM POC This Week

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netsurf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29699 MEDIUM POC This Week

NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Netsurf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51317 MEDIUM POC This Week

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Netsurf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy