Skip to main content
CVE-2020-37130 MEDIUM POC This Month

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. [CVSS 7.5 HIGH]

Denial Of Service Buffer Overflow Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2020-37131 MEDIUM POC This Month

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. [CVSS 6.2 MEDIUM]

Denial Of Service Buffer Overflow Product Key Explorer
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-32393 MEDIUM POC PATCH This Month

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. [CVSS 6.5 MEDIUM]

Denial Of Service AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-37128 MEDIUM POC This Month

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. [CVSS 6.2 MEDIUM]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2020-37132 MEDIUM POC This Month

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. [CVSS 6.2 MEDIUM]

Denial Of Service Ultravnc
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2020-37137 MEDIUM POC This Month

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. [CVSS 6.1 MEDIUM]

PHP RCE Phpfusion
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-70792 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. [CVSS 6.1 MEDIUM]

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-70791 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. [CVSS 6.1 MEDIUM]

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2020-37152 MEDIUM POC This Month

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]

PHP XSS Phpfusion
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2020-37121 MEDIUM POC This Month

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. [CVSS 5.5 MEDIUM]

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-37127 MEDIUM POC PATCH This Month

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Red Hat Suse
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69619 MEDIUM POC This Month

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal My Teditor
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2020-37144 MEDIUM POC This Month

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. [CVSS 5.3 MEDIUM]

PHP CSRF
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58190 MEDIUM POC PATCH This Month

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. [CVSS 5.3 MEDIUM]

Golang Denial Of Service Html Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2020-37140 MEDIUM POC This Month

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. [CVSS 5.5 MEDIUM]

Denial Of Service Memory Corruption Buffer Overflow Aida64
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37145 MEDIUM POC This Month

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. [CVSS 4.3 MEDIUM]

CSRF
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0715 MEDIUM This Month

Bootloader menu access in Moxa UC series industrial computers can be obtained by attackers with physical access using a device-unique password, potentially enabling temporary denial-of-service through firmware reflashing. The vulnerability is constrained by bootloader signature verification that prevents installation of unsigned firmware or arbitrary code execution. No patch is currently available for affected Linux and UC firmware versions.

Linux Privilege Escalation V1202 Ct T Firmware Uc 3424a T Lte Firmware V2406c Wl1 Ct T Firmware +32
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-0714 MEDIUM POC This Month

TPM-backed LUKS encryption bypass in Moxa Industrial Linux 3 on select industrial computers allows an attacker with invasive physical access to the SPI bus to intercept TPM communications and decrypt eMMC storage contents offline. This attack requires opening the device and connecting specialized equipment for extended signal capture, making it impractical for opportunistic access scenarios. Affected products include V1222 Ct T, Uc 3430a T Lte Wifi, Uc 8220 T Lx, and Uc 4414a I T firmware variants.

Linux V1222 Ct T Firmware Uc 3430a T Lte Wifi Firmware Uc 8220 T Lx Firmware Uc 4414a I T Firmware +31
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-15312 MEDIUM This Month

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. [CVSS 6.6 MEDIUM]

XSS Tanos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-15324 MEDIUM This Month

Tanium addressed a documentation issue in Engage. [CVSS 6.6 MEDIUM]

Path Traversal Engage
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-0391 MEDIUM PATCH This Month

Edge Chromium is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).

Microsoft Android Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15343 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Enforce. [CVSS 6.5 MEDIUM]

Privilege Escalation Enforce
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15337 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Patch. [CVSS 6.5 MEDIUM]

Privilege Escalation Patch
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15336 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Performance. [CVSS 6.5 MEDIUM]

Privilege Escalation Performance
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15341 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Benchmark. [CVSS 6.5 MEDIUM]

Privilege Escalation Benchmark
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15339 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Discover. [CVSS 6.5 MEDIUM]

Privilege Escalation Discover
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15338 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Partner Integration. [CVSS 6.5 MEDIUM]

Privilege Escalation Partner Integration
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14150 MEDIUM This Month

IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. [CVSS 6.5 MEDIUM]

IBM
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12131 MEDIUM This Month

A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. [CVSS 6.5 MEDIUM]

Denial Of Service Simplicity Software Development Kit
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15340 MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Comply. [CVSS 6.5 MEDIUM]

Privilege Escalation Comply
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1319 MEDIUM This Month

Stored cross-site scripting in Robin Image Optimizer plugin versions up to 2.0.2 allows authenticated WordPress users with Author-level or higher privileges to inject malicious scripts through the Media Library image Alternative Text field. The injected scripts execute in the browsers of any user viewing affected pages, potentially compromising site visitors. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1268 MEDIUM This Month

Stored cross-site scripting in the Dynamic Widget Content plugin for WordPress (versions up to 1.3.6) allows authenticated users with Contributor privileges or higher to inject malicious scripts through the Gutenberg editor widget content field due to inadequate input sanitization. The injected scripts execute in the browsers of any user viewing the affected pages, potentially compromising account security and enabling credential theft or unauthorized actions.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0867 MEDIUM This Month

Stored cross-site scripting in Essential Widgets for WordPress through version 3.0 allows authenticated contributors and above to inject malicious scripts into pages via insufficiently sanitized shortcode attributes. When other users visit affected pages, the injected scripts execute in their browsers, potentially compromising sessions or stealing sensitive data. A patch is not currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-15325 MEDIUM This Month

Tanium addressed an improper input validation vulnerability in Discover. [CVSS 6.3 MEDIUM]

SQLi Discover
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-1896 MEDIUM PATCH This Month

Improper access control in Wekan's board migration function allows authenticated remote attackers to manipulate the boardId parameter and gain unauthorized access to sensitive data or modify board information. Wekan versions up to 8.20 are affected, and administrators should upgrade to version 8.21 or later to remediate this vulnerability.

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-1963 MEDIUM PATCH This Month

Improper access controls in Wekan's attachment storage mechanism (models/attachments.js) up to version 8.20 allow authenticated remote attackers to gain unauthorized access to sensitive data and modify attachments. An attacker with valid credentials can exploit this vulnerability to read, modify, or delete attachments they should not have permission to access. Upgrading to version 8.21 or later resolves this issue.

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1962 MEDIUM PATCH This Month

Improper access controls in Wekan's attachment migration component allow authenticated remote attackers to read, modify, or disrupt service functionality. The vulnerability affects Wekan versions up to 8.20 and requires valid user credentials to exploit. Users should upgrade to version 8.21 or later to remediate this issue.

Information Disclosure Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-10258 MEDIUM This Month

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information. [CVSS 6.3 MEDIUM]

SQLi Infinera Dna
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1898 MEDIUM PATCH This Month

Improper access controls in WeKan's LDAP user synchronization component (versions up to 8.20) allow authenticated remote attackers to gain unauthorized access to sensitive information or modify data with low complexity. The vulnerability affects the LDAP User Sync functionality in packages/wekan-ldap/server/syncUser.js and requires valid credentials to exploit. WeKan 8.21 and later address this issue and should be deployed immediately.

LDAP Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1654 MEDIUM This Month

Peter's Date Countdown plugin for WordPress through version 2.0.0 contains a reflected cross-site scripting vulnerability in the PHP_SELF parameter that allows unauthenticated attackers to inject malicious scripts. Exploitation requires social engineering to trick users into clicking a malicious link, but successful attacks can compromise user sessions and steal sensitive data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-15551 MEDIUM This Month

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. [CVSS 5.6 MEDIUM]

TP-Link Information Disclosure Code Injection
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-1927 MEDIUM This Month

The Greenshift animation and page builder plugin for WordPress (up to version 12.6) fails to properly validate user capabilities on the greenshift_app_pass_validation() function, allowing authenticated subscribers and above to extract sensitive plugin configuration including stored AI API keys and inject malicious scripts through the custom_css setting. This combination of information disclosure and stored cross-site scripting (XSS) requires only valid WordPress user credentials to exploit, with a partial patch available in version 12.6.

WordPress Authentication Bypass XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-68643 MEDIUM This Month

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. [CVSS 5.4 MEDIUM]

XSS Axigen Mail Server
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14079 MEDIUM This Month

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47911 MEDIUM PATCH This Month

Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted HTML content (CVSS 5.3).

Golang Denial Of Service Html Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1271 MEDIUM This Month

Authenticated users can modify arbitrary user profile and cover images in WordPress ProfileGrid plugin versions up to 5.9.7.2 due to missing authorization checks in the image upload AJAX handlers. Attackers with Subscriber-level access can exploit this to deface administrator accounts and other users' profiles. No patch is currently available for this integrity vulnerability.

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13491 MEDIUM This Month

IBM App Connect Enterprise Certified Container versions up to 12.19.0 is affected by untrusted search path (CVSS 5.1).

IBM Information Disclosure
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-15328 MEDIUM This Month

Tanium addressed an improper link resolution before file access vulnerability in Enforce. [CVSS 5.0 MEDIUM]

Path Traversal Enforce
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-1246 MEDIUM This Month

Arbitrary file read in ShortPixel Image Optimizer plugin for WordPress through path traversal in the loadLogFile AJAX action allows authenticated users with Editor-level privileges or higher to access sensitive server files including database credentials. The vulnerability exists in versions up to 6.4.2 due to insufficient path validation on the loadFile parameter, and no patch is currently available.

WordPress Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-15332 MEDIUM This Month

Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]

Information Disclosure Threat Response
NVD
CVSS 3.1
4.9
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy