Skip to main content
CVE-2025-25296 MEDIUM POC PATCH THREAT This Month

Label Studio is an open source data labeling tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.

Information Disclosure XSS Label Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
20.0%
CVE-2025-26156 HIGH POC This Week

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Shopping Portal Project
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2025-25745 HIGH POC This Week

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow Dir 853 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-25297 HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Label Studio
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-25997 HIGH POC This Week

Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Feminer Wms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2025-25994 HIGH POC This Week

SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Feminer Wms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57778 HIGH Act Now

An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
11.4%
CVE-2025-26506 CRITICAL Act Now

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow HP 499Q9E Firmware +94
NVD
CVSS 4.0
9.2
EPSS
6.1%
CVE-2025-25990 MEDIUM POC This Month

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoosk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-26157 MEDIUM POC This Month

A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Beauty Parlour Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2024-52577 CRITICAL PATCH Act Now

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Ignite Red Hat
NVD
CVSS 4.0
9.5
EPSS
2.6%
CVE-2024-13152 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2024-56973 CRITICAL Act Now

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-22630 CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-0867 CRITICAL Act Now

The standard user uses the run as function to start the MEAC applications with administrative privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-56180 CRITICAL PATCH Act Now

g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apache Deserialization Eventmesh Windows +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-1298 CRITICAL Act Now

Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-26158 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Attendance Management System Tenda
NVD GitHub
CVSS 3.1
5.6
EPSS
0.5%
CVE-2025-25740 MEDIUM POC This Month

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow Dir 853 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-26508 HIGH This Week

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE HP Futuresmart 3 +97
NVD
CVSS 4.0
8.3
EPSS
6.1%
CVE-2024-57725 MEDIUM This Month

An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 14.8% and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
14.8%
CVE-2025-25992 MEDIUM POC This Month

SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Feminer Wms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2025-25993 MEDIUM POC This Month

SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid.". Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Feminer Wms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25991 MEDIUM POC This Month

SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoosk
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25988 MEDIUM POC This Month

Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Denial Of Service Hoosk
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0593 HIGH This Week

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0592 HIGH This Week

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-7052 MEDIUM POC This Month

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13493 MEDIUM POC This Month

The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sensly Online Presence
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-2240 HIGH This Week

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Brocade Sannav
NVD
CVSS 4.0
8.6
EPSS
1.0%
CVE-2025-25295 HIGH PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-1053 HIGH This Week

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. Rated high severity (CVSS 8.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-26791 MEDIUM POC PATCH This Month

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. Public exploit code available.

XSS Dompurify Red Hat Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-12651 HIGH This Week

Exposed Dangerous Method or Function vulnerability in PTT Inc. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-26788 HIGH This Week

StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-25206 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Elabftw
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-26519 HIGH PATCH This Week

musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. Rated high severity (CVSS 8.1), this vulnerability is no authentication required.

Memory Corruption Buffer Overflow Musl
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2022-26083 HIGH This Week

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via. Rated high severity (CVSS 7.5). No vendor patch available.

Intel Information Disclosure Integrated Performance Primitives Cryptography
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26507 MEDIUM This Month

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow HP Futuresmart 3 +2
NVD
CVSS 4.0
6.3
EPSS
6.1%
CVE-2025-26522 HIGH This Week

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-26523 HIGH This Week

This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.4
EPSS
0.5%
CVE-2024-8893 HIGH This Week

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-55904 HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-52500 HIGH This Week

Missing Authorization vulnerability in monetagwp Monetag Official Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-23853 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free allows Reflected XSS.6.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-24692 HIGH This Week

Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-24641 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-24616 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS.7.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-24566 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation allows Reflected XSS.5.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23905 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages allows Reflected XSS.9.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy