Skip to main content
CVE-2025-66219 MEDIUM POC This Month

willitmerge is a command line tool to check if pull requests are mergeable. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Willitmerge
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-65113 MEDIUM POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Clipbucket
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66034 MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available.

RCE Python Fonttools Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-65540 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xmall
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61915 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cups Red Hat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-58436 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Cups Red Hat Suse
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-53897 MEDIUM PATCH This Month

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-53900 MEDIUM PATCH This Month

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66221 MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug Windows Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-53939 MEDIUM PATCH This Month

Kiteworks is a private data network (PDN). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kiteworks
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-65892 MEDIUM This Month

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Krpano
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66036 MEDIUM This Month

Retro is an online platform providing items of vintage collections. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66291 MEDIUM PATCH This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Orangehrm
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-66290 MEDIUM This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orangehrm
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-64715 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Cilium Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy