Skip to main content
CVE-2025-15424 MEDIUM POC This Month

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-0569 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /Frontend/AlbumByCategory.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0568 MEDIUM POC This Month

SQL injection in Online Music Site 1.0's ViewSongs.php parameter handling allows unauthenticated remote attackers to manipulate the ID argument and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and impacts the confidentiality, integrity, and availability of the affected application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0567 MEDIUM POC This Month

SQL injection in code-projects Content Management System 1.0 via the ID parameter in /pages.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to read, modify, or delete sensitive database information with low complexity from any network location.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0565 MEDIUM POC This Month

Content Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15435 MEDIUM POC This Month

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15434 MEDIUM POC This Month

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15421 MEDIUM POC This Month

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15420 MEDIUM POC This Month

A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15426 MEDIUM POC This Month

A vulnerability was identified in jackying H-ui.admin versions up to 3.1. is affected by improper access control (CVSS 7.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15425 MEDIUM POC This Month

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0570 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 via the fname parameter in /Frontend/Feedback.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive information. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0546 MEDIUM POC This Month

SQL injection in code-projects Content Management System 1.0 via the search.php parameter allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations should implement immediate input validation or access controls until patching is possible.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15436 MEDIUM POC This Month

A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-21444 MEDIUM POC PATCH This Month

Improper IV handling in libtpms 0.10.0 and 0.10.1 causes the library to return initial instead of final initialization vectors during symmetric cipher operations with OpenSSL 3.x, potentially weakening cryptographic security for local users who can interact with the TPM emulation. Public exploit code exists for this vulnerability affecting confidentiality of encrypted data. Update to libtpms 0.10.2 to remediate.

OpenSSL TLS Libtpms Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21432 MEDIUM POC This Month

Stored XSS in Emlog 2.5.23 allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially leading to administrative account compromise. Public exploit code exists for this vulnerability, and no patched version is currently available. The attack requires user interaction and can affect any Emlog installation running the vulnerable version.

XSS Emlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21431 MEDIUM POC This Month

Stored XSS in Emlog 2.5.23's media library function allows authenticated attackers to inject malicious scripts when publishing articles, which execute in other users' browsers with scope crossing enabled. Public exploit code exists for this vulnerability, and no patched version is currently available. Successful exploitation requires user interaction and grants attackers the ability to steal session data or perform actions on behalf of affected users.

XSS Emlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21483 MEDIUM POC PATCH This Month

Stored XSS in Listmonk before version 6.0.0 allows authenticated users with campaign management permissions to inject malicious JavaScript that executes when administrators preview campaigns or templates, enabling privilege escalation attacks such as creating backdoor admin accounts. Public exploit code exists for this vulnerability, and the attack surface expands through the public archive feature where victims need only visit a link to trigger the payload. Version 6.0.0 addresses this flaw, though patches are currently unavailable for earlier versions.

XSS Listmonk Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-15432 MEDIUM POC This Month

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. [CVSS 5.3 MEDIUM]

Path Traversal Carrental
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-15422 MEDIUM POC This Month

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. [CVSS 5.3 MEDIUM]

PHP Empirecms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-14072 MEDIUM POC This Month

Ninja Forms versions up to 3.13.3 contains a vulnerability that allows attackers to generate valid access tokens via the REST API which can then be used to read for (CVSS 5.3).

WordPress Ninja Forms PHP
NVD WPScan
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69417 MEDIUM POC This Month

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint. [CVSS 5.0 MEDIUM]

Authentication Bypass Media Server
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-69416 MEDIUM POC This Month

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml. [CVSS 5.0 MEDIUM]

Authentication Bypass Media Server
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-59381 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Qnap Path Traversal
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34171 MEDIUM This Month

Casaos contains a vulnerability that allows attackers to retrieve sensitive configuration files and system debug information (CVSS 5.3).

Information Disclosure Casaos
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-47208 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Qnap Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-53592 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-44013 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 6.5 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-62852 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53593 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53591 MEDIUM This Month

Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).

Qnap Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53597 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Buffer Overflow Denial Of Service License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48721 MEDIUM This Month

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 6.5 MEDIUM]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52871 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12685 MEDIUM This Month

WPBookit WordPre versions up to 1.0.7 contains a vulnerability that allows attackers to an unauthenticated attacker to delete any customer through a CSRF attack (CVSS 6.5).

WordPress CSRF PHP
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62857 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. [CVSS 6.1 MEDIUM]

XSS Qumagie
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-45286 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [CVSS 6.1 MEDIUM]

XSS Go Httpbin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13456 MEDIUM This Month

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13153 MEDIUM This Month

Logo Slider WordPre versions up to 4.9.0 contains a vulnerability that allows attackers to users with the contributor role and above to perform Stored Cross-Site Scripting (CVSS 6.1).

WordPress Golang XSS PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-64122 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. [CVSS 5.5 MEDIUM]

Authentication Bypass Nplatform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14047 MEDIUM This Month

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission - WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-55374 MEDIUM This Month

Redcap versions up to 14.3.13 contains a vulnerability that allows attackers to enumerate usernames due to an observable discrepancy between login attempts (CVSS 5.3).

Information Disclosure Redcap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-57705 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1...

Qnap Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53596 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53590 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53589 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53414 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-53405 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52431 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Qts Quts Hero
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52430 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. [CVSS 4.9 MEDIUM]

Qnap Null Pointer Dereference Quts Hero Qts
NVD
CVSS 3.1
4.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy