Skip to main content
CVE-2025-13442 MEDIUM POC This Month

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.6%
CVE-2025-13451 MEDIUM POC This Month

A vulnerability was identified in SourceCodester Online Shop Project 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13449 MEDIUM POC This Month

A vulnerability was found in code-projects Online Shop Project 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13422 MEDIUM POC This Month

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-36160 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36159 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36158 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36153 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-55124 MEDIUM POC This Month

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Revive Adserver
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2025-55123 MEDIUM POC This Month

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52671 MEDIUM POC Monitor

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Revive Adserver
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-52670 MEDIUM POC This Week

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Revive Adserver
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52669 MEDIUM POC Monitor

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Revive Adserver
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-52668 MEDIUM POC This Month

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Information Disclosure Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52667 MEDIUM POC This Month

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-48987 MEDIUM POC This Month

Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-35029 MEDIUM Monitor

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Health
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-55128 MEDIUM POC This Week

HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Revive Adserver
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2025-55127 MEDIUM POC This Month

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55126 MEDIUM POC This Week

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2025-64185 MEDIUM This Month

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-64027 MEDIUM POC This Month

Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-63848 MEDIUM PATCH This Month

Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Swish
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-62724 MEDIUM Monitor

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62709 MEDIUM POC PATCH This Week

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP RCE Clipbucket
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-13437 MEDIUM PATCH This Month

When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-62875 MEDIUM POC PATCH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.8.0p0-1.1. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opensmtpd Tumbleweed Suse
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-62731 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-62729 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /status endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62297 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62296 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62295 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62293 MEDIUM This Month

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Soplanning
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-60737 MEDIUM POC This Month

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36161 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-65226 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65223 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65222 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-65221 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65220 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64984 MEDIUM This Month

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62346 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. Rated medium severity (CVSS 6.8). No vendor patch available.

CSRF
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-60799 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Authentication Bypass Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-60798 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60797 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Privilege Escalation Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60796 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-60794 MEDIUM This Month

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5092 MEDIUM This Month

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-41076 MEDIUM This Month

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-41075 MEDIUM This Month

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy