Skip to main content
CVE-2025-13421 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13420 MEDIUM POC This Month

A weakness has been identified in itsourcecode Human Resource Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13410 MEDIUM POC This Month

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-34336 MEDIUM This Month

eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-13395 MEDIUM This Month

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11963 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0421 MEDIUM This Month

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-13415 MEDIUM POC This Month

A vulnerability was identified in icret EasyImages up to 2.8.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Easyimages2 0
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-58181 MEDIUM PATCH This Month

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Crypto Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-47914 MEDIUM PATCH This Month

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Crypto Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13147 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.1.8, from 2025.0.0 before 2025.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moveit Transfer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-63214 MEDIUM POC This Week

An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vbc Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63212 MEDIUM POC This Week

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flexiva Lx100 Firmware Flexiva Lx300 Firmware Flexiva Lx600 Firmware Flexiva Lx1000 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51662 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filecodebox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36371 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65100 MEDIUM This Month

Isar is an integration system for automated root filesystem generation. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-63211 MEDIUM POC This Month

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Vbc Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65089 MEDIUM PATCH This Month

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Microsoft Authentication Bypass Pro Macros
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-65032 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65031 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65028 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65026 MEDIUM POC PATCH This Month

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection XSS Esm Sh Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65020 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65019 MEDIUM POC PATCH This Month

Astro is a web framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Astro
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-64765 MEDIUM POC PATCH This Week

Astro is a web framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Astro
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-64708 MEDIUM PATCH This Month

authentik is an open-source Identity Provider. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authentik Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-64521 MEDIUM PATCH Monitor

authentik is an open-source Identity Provider. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Authentik Suse
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-34330 MEDIUM POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Fax Server Interactive Voice Response Tenda
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-12766 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Athoc
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-12743 MEDIUM This Month

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-63879 MEDIUM POC This Month

A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Php Ecommerce Project
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63878 MEDIUM POC This Week

Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Restaurant Website Restoran
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13397 MEDIUM PATCH Monitor

A security vulnerability has been detected in mrubyc up to 3.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.

Denial Of Service Mruby C
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-63243 MEDIUM POC Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 (01). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Weblaudos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-8528 MEDIUM This Month

Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized. Rated medium severity (CVSS 5.4). No vendor patch available.

XSS
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-64408 MEDIUM PATCH This Month

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Apache Java Causeway
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2025-58412 MEDIUM Monitor

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet XSS Fortiadc
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-13085 MEDIUM Monitor

The SiteSEO - SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12535 MEDIUM This Month

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13054 MEDIUM This Month

The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12878 MEDIUM This Month

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wfop_phone` shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12842 MEDIUM This Month

The Booking Plugin for WordPress Appointments - Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12822 MEDIUM Monitor

The WP Login and Register using JWT plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mo_jwt_generate_new_api_key' function in all versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12814 MEDIUM This Month

The SiteSEO - SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12751 MEDIUM Monitor

The WSChat - WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset_settings' AJAX endpoint in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12710 MEDIUM This Month

The Pet-Manager - Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12359 MEDIUM This Month

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12174 MEDIUM This Month

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12426 MEDIUM This Month

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Quiz Maker PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12349 MEDIUM This Month

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy