Skip to main content
CVE-2025-26794 HIGH PATCH Act Now

Exim mail server version 4.98 before 4.98.1 contains a remote SQL injection vulnerability when SQLite hints and ETRN serialization features are enabled. The vulnerability allows remote attackers to inject SQL through crafted SMTP commands, potentially compromising the mail server's configuration and queued messages.

SQLi Exim Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
72.1%
CVE-2025-26014 CRITICAL POC Act Now

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Loggrove
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2025-1538 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dap 1320 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-26013 HIGH POC This Week

An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Loggrove
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-25282 HIGH POC This Week

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ragflow
NVD GitHub
CVSS 3.0
8.1
EPSS
0.1%
CVE-2024-57176 HIGH POC This Week

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal White Jotter
NVD GitHub
CVSS 3.1
7.6
EPSS
0.5%
CVE-2025-25605 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25604 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25876 HIGH POC This Week

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-25770 MEDIUM POC This Month

Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wangmarket
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-25507 MEDIUM POC This Month

There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Code Injection Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-25505 MEDIUM POC This Month

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25510 MEDIUM POC This Month

Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25875 MEDIUM POC This Month

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-10222 MEDIUM POC PATCH This Month

The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Svg Support
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-25768 MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Mrcms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1543 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3.4.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1548 MEDIUM POC This Month

A vulnerability was found in iteachyou Dreamer CMS 4.1.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2020-19248 MEDIUM POC This Month

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs,. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pbootcms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-25772 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Java Jspxcms
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-13353 HIGH PATCH This Week

The Responsive Addons for Elementor - Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP RCE LFI WordPress +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-25766 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-1539 HIGH This Week

A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Dap 1320 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-25767 MEDIUM POC This Month

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Java Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-9150 HIGH This Week

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ssti
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-1403 HIGH PATCH This Week

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Qiskit
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-25769 HIGH This Week

Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wangmarket
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-25765 MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mrcms
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-27106 HIGH This Week

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
1.5%
CVE-2025-25878 LOW POC Monitor

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-25877 LOW POC Monitor

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Simple Chatbox
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2024-11260 HIGH This Week

The Events Manager - Calendar, Bookings, Tickets, and more!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Events Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-13314 LOW POC Monitor

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider Gallery By Wp Carousel
NVD WPScan
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-13585 LOW POC Monitor

The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-27108 HIGH PATCH This Week

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dom Expressions
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-27109 HIGH PATCH This Week

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-1546 MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2025-1536 MEDIUM This Month

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2025-0726 HIGH PATCH This Week

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Threadx Netx Duo
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1471 HIGH PATCH This Week

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Omr
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-1555 MEDIUM This Month

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Education And Training System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1535 MEDIUM This Month

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2019-8900 MEDIUM This Month

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Securerom
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-13713 MEDIUM PATCH This Month

The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Givewp Square
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13235 MEDIUM PATCH This Month

The Pinpoint Booking System - #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27100 MEDIUM PATCH This Month

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1489 MEDIUM PATCH This Month

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Appbox PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13648 MEDIUM PATCH This Month

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Maps For Wp
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12452 MEDIUM PATCH This Month

The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ziggeo
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1410 MEDIUM PATCH This Month

The Events Calendar Made Simple - Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Pie Calendar PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy