Skip to main content
CVE-2025-67082 MEDIUM POC This Month

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 6.5 MEDIUM]

SQLi Invoiceplane
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-47754 MEDIUM POC This Month

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. [CVSS 6.5 MEDIUM]

CSRF Arunna
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70299 MEDIUM POC This Month

A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. [CVSS 6.5 MEDIUM]

Heap Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68671 MEDIUM POC PATCH This Month

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. [CVSS 6.5 MEDIUM]

Information Disclosure Lakefs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-47759 MEDIUM POC This Month

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. [CVSS 6.2 MEDIUM]

Windows SSH Information Disclosure
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2021-47799 MEDIUM POC This Month

its Sudo configuration contains a vulnerability that allows attackers to gain root access (CVSS 6.2).

DNS Privilege Escalation
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2021-47768 MEDIUM POC This Month

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. [CVSS 6.1 MEDIUM]

XSS Importexporttools Ng
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70890 MEDIUM POC This Month

Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).

PHP XSS Cyber Cafe Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70891 MEDIUM POC This Month

Cyber Cafe Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 6.1).

PHP XSS Cyber Cafe Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65368 MEDIUM POC This Month

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output. [CVSS 6.1 MEDIUM]

XSS AI / ML Sparkyfitness
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-15265 MEDIUM POC PATCH This Month

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]

XSS Svelte Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70310 MEDIUM POC This Month

A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file. [CVSS 5.5 MEDIUM]

Heap Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70309 MEDIUM POC This Month

A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file. [CVSS 5.5 MEDIUM]

Stack Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70303 MEDIUM POC This Month

A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. [CVSS 5.5 MEDIUM]

Heap Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70302 MEDIUM POC This Month

A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 5.5 MEDIUM]

Heap Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70305 MEDIUM POC This Month

A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file. [CVSS 5.5 MEDIUM]

Stack Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2021-47771 MEDIUM POC This Month

Rdp Manager versions up to 4.9.9.3 is affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Rdp Manager
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2021-47765 MEDIUM POC This Month

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. [CVSS 5.5 MEDIUM]

Denial Of Service Absolutetelnet
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2021-47764 MEDIUM POC This Month

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. [CVSS 5.5 MEDIUM]

Denial Of Service Absolutetelnet
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2021-47843 MEDIUM POC This Month

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer. [CVSS 5.4 MEDIUM]

RCE XSS Tagstoo
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65349 MEDIUM POC This Month

Wireless Mini Router Wireless-N 300M Firmware versions up to 28k.minirouter.20190211 is affected by cross-site scripting (xss) (CVSS 5.4).

XSS Wireless Mini Router Wireless N 300m Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23496 MEDIUM POC PATCH This Month

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. [CVSS 5.4 MEDIUM]

Authentication Bypass Web2print Tools
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-67083 MEDIUM POC This Month

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration. [CVSS 5.3 MEDIUM]

Path Traversal Invoiceplane
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1002 MEDIUM POC PATCH This Month

Improper URI path normalization in Vert.x Web's static file handler allows remote attackers to manipulate the cache and deny access to static files through specially crafted request URIs containing encoded path traversal sequences. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction to cause denial of service by returning HTTP 404 responses for normally accessible files. Public exploit code exists and patches are available.

Github Vert.X Web Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-47776 MEDIUM POC This Month

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. [CVSS 5.3 MEDIUM]

SSRF Umbraco Cms
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-47769 MEDIUM POC This Month

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. [CVSS 4.8 MEDIUM]

XSS Isshue
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-23495 MEDIUM POC PATCH This Month

Pimcore Admin Classic Bundle versions prior to 2.2.3 and 1.7.16 fail to enforce proper authorization on the Predefined Properties API endpoint, allowing authenticated backend users without explicit permissions to enumerate all property configurations. Public exploit code exists for this vulnerability. The flaw impacts any Pimcore deployment where backend user access controls rely on role-based restrictions for sensitive metadata definitions.

Authentication Bypass Admin Classic Bundle
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23494 MEDIUM POC PATCH This Month

Pimcore versions prior to 12.3.1 and 11.5.14 fail to properly validate authorization on the static routes API endpoint, allowing authenticated users without proper permissions to view sensitive route configurations including regex patterns and controller mappings. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects both PHP and Pimcore installations where backend users with limited privileges could gain unauthorized access to routing infrastructure details.

PHP Pimcore
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21921 MEDIUM This Month

Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.

Juniper Use After Free Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21903 MEDIUM This Month

Denial-of-service in Juniper Junos OS Packet Forwarding Engine allows authenticated attackers to crash Forwarding Processor Cards by subscribing to telemetry sensors at scale, forcing service restarts and network disruption. The vulnerability affects Junos versions before 22.4R3-S7, 23.2R2-S4, and 23.4R2, with no patch currently available. Installation of specific YANG sensor packages mitigates the issue.

Juniper Buffer Overflow Stack Overflow Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21911 MEDIUM This Month

MAC learning failures in Juniper Junos OS Evolved's Layer 2 Control Protocol Daemon can be triggered by a network-adjacent attacker who repeatedly toggles the management interface, causing label-switched interface MAC address learning to halt while generating excessive logs and consuming high CPU resources. This calculation error (CWE-682) affects availability through denial of service and currently has no available patch. The attack requires network adjacency but no authentication or user interaction.

Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21910 MEDIUM This Month

EVPN-VXLAN traffic interruption in Juniper Junos on EX4k and QFX5k Series platforms allows adjacent network attackers to trigger interface link flaps that cause inter-VNI traffic to drop in configurations using Virtual Port-Link Aggregation Groups. An unauthenticated attacker can exploit this condition to deny service to VXLAN traffic between virtual network identifiers when multiple load-balanced next-hop routes exist for the same destination. No patch is currently available for this vulnerability.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21909 MEDIUM This Month

Denial of service in Juniper Junos OS and Junos OS Evolved allows an adjacent IS-IS neighbor to trigger a memory leak in the routing protocol daemon by sending specially crafted update packets. Repeated exploitation exhausts available memory and crashes the rpd process, rendering routing unavailable. No patch is currently available.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0203 MEDIUM This Month

Juniper Junos OS Forwarding Plane Crash (FPC) denial of service occurs when a network-adjacent attacker sends a specially crafted ICMPv4 packet with a malformed IP header, causing the affected line card to crash and restart. The attack is limited to directly adjacent networks since upstream routers filter such malformed packets before forwarding. No patch is currently available for this vulnerability affecting multiple Junos OS versions.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13859 MEDIUM This Month

The AffiliateX - Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. [CVSS 6.4 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-67078 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors. [CVSS 6.1 MEDIUM]

XSS Agora Project
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67025 MEDIUM This Month

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section [CVSS 6.1 MEDIUM]

XSS Anycomment.Io
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52987 MEDIUM This Month

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. [CVSS 6.1 MEDIUM]

Juniper Paragon Automation
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0990 MEDIUM PATCH This Month

libxml2's xmlCatalogXMLResolveURI function is vulnerable to uncontrolled recursion when processing self-referencing delegate URI entries in XML catalogs, allowing remote attackers to trigger stack exhaustion and crash applications. This configuration-dependent denial of service requires specially crafted XML input but no authentication, affecting any application using the vulnerable library to parse untrusted catalogs. No patch is currently available.

Denial Of Service Hardened Images Jboss Core Services Openshift Container Platform Enterprise Linux +3
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22045 MEDIUM PATCH This Month

Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.

Golang TLS Denial Of Service Traefik Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21907 MEDIUM This Month

Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

Juniper TLS Junos Space
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-60011 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these...

Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-59959 MEDIUM This Month

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21912 MEDIUM This Month

A race condition in Juniper Junos OS on MX10k Series with LC480 or LC2101 line cards allows low-privileged local users to crash line card and potentially chassis daemons by repeatedly executing the 'show system firmware' command. Affected versions include all releases before 21.2R3-S10 and multiple later branches up to 23.2R, with no patch currently available. This denial of service vulnerability requires local access and can be triggered without elevated privileges.

Juniper Denial Of Service Race Condition Junos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-60007 MEDIUM This Month

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). [CVSS 5.5 MEDIUM]

Juniper Null Pointer Dereference Denial Of Service Junos
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59961 MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control...

Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14448 MEDIUM PATCH This Month

WP-Members Membership Plugin (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 5.4).

WordPress XSS Wp Members PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-12895 MEDIUM This Month

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22644 MEDIUM This Month

Incoming Goods Suite contains a vulnerability that allows attackers to hijack the user's session and gain unauthorized access (CVSS 5.3).

Authentication Bypass Incoming Goods Suite
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22911 MEDIUM This Month

TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated remote attackers over the network. An attacker could extract these hashes and potentially recover credentials to gain unauthorized access to the device. No patch is currently available for this vulnerability.

Authentication Bypass Tdc X401gl Firmware
NVD
CVSS 3.1
5.3
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy