Skip to main content
CVE-2025-66028 MEDIUM POC PATCH This Month

OneUptime is a solution for monitoring and managing online services. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Privilege Escalation Oneuptime
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-65238 MEDIUM POC This Month

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ussd Gateway
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63938 MEDIUM POC PATCH This Month

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Tinyproxy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65956 MEDIUM POC PATCH This Month

Formwork is a flat file-based Content Management System (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Formwork
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65237 MEDIUM POC This Month

A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ussd Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-66026 MEDIUM POC PATCH This Month

REDAXO is a PHP-based CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Redaxo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65676 MEDIUM POC This Month

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Classroomio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65675 MEDIUM POC This Month

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Classroomio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65670 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Classroomio
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65239 MEDIUM POC This Month

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ussd Gateway
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66265 MEDIUM This Month

CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-59820 MEDIUM PATCH This Month

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66019 MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2021-4472 MEDIUM PATCH This Month

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7449 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12653 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66030 MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Forge Red Hat
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-9191 MEDIUM This Month

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-13084 MEDIUM This Month

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.1
EPSS
0.1%
CVE-2025-9163 MEDIUM This Month

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-13674 MEDIUM PATCH This Month

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-62728 MEDIUM PATCH This Month

SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Hive
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65963 MEDIUM This Month

Files is a module for managing files inside spaces and user profiles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6195 MEDIUM This Month

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66025 MEDIUM This Month

Caido is a web security auditing toolkit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy