Skip to main content
CVE-2025-13786 MEDIUM POC This Month

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13788 MEDIUM POC This Month

A vulnerability has been found in Chanjet CRM up to 20251106. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13787 MEDIUM POC This Month

A flaw has been found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zentao
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-66422 MEDIUM POC PATCH This Month

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trytond
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-66424 MEDIUM PATCH This Month

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trytond
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13792 MEDIUM This Month

A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Code Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13782 MEDIUM This Month

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-66421 MEDIUM PATCH This Month

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66420 MEDIUM PATCH This Month

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66432 MEDIUM This Month

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-66433 MEDIUM This Month

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. Rated medium severity (CVSS 4.2). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy