Skip to main content
CVE-2025-1199 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Church Management Software 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Church Management Software
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1189 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance Tracking Management System Tenda
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1210 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wazifa System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1183 MEDIUM POC This Month

A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-1197 MEDIUM POC This Month

A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-1206 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-25200 CRITICAL PATCH Act Now

Koa is expressive middleware for Node.js using ES2017 async functions. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Koa
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2022-31631 CRITICAL PATCH Act Now

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Red Hat Suse
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2025-1190 MEDIUM POC This Month

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-1195 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-1209 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wazifa System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-1208 MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wazifa System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-1196 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Real Estate Property Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1213 MEDIUM POC This Month

A vulnerability was found in pihome-shc PiHome 1.77. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maxair
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-13714 HIGH This Week

The All-Images.ai - IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-1244 HIGH PATCH This Week

A command injection flaw was found in the text editor Emacs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-0376 HIGH This Week

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2025-26340 HIGH This Week

A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26378 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26375 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26371 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26369 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0556 HIGH This Week

In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telerik Report Server
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12296 HIGH This Week

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-13653 HIGH This Week

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1187 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Police Fir Record Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-34520 HIGH This Week

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-49615 HIGH This Week

Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2023-49618 HIGH This Week

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Privilege Escalation
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-31155 HIGH This Week

Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Buffer Overflow Privilege Escalation
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2023-49603 HIGH This Week

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Race Condition Privilege Escalation
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2023-34440 HIGH PATCH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7).

Intel Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2023-43758 HIGH PATCH This Week

Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.

Intel Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-29214 HIGH PATCH This Week

Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-28127 HIGH PATCH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-24582 HIGH PATCH This Week

Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-0110 HIGH This Week

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2023-48267 HIGH This Week

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Privilege Escalation
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2024-36262 HIGH This Week

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.6). No vendor patch available.

Intel Race Condition Privilege Escalation
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2024-12673 HIGH This Week

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-37355 HIGH This Week

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2023-31276 HIGH This Week

Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Heap Overflow Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-11343 HIGH This Week

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Telerik Document Processing Libraries
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2025-0516 MEDIUM POC This Month

Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-9870 MEDIUM POC This Month

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-26343 HIGH This Week

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Maxtime
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-1146 HIGH This Week

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Kubernetes Windows
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-26377 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-26368 HIGH This Week

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Maxtime
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-12386 HIGH PATCH This Week

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Abstracts
NVD
CVSS 3.1
8.1
EPSS
0.1%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy