Skip to main content
CVE-2025-25521 CRITICAL POC Act Now

Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25520 CRITICAL POC Act Now

Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25519 CRITICAL POC Act Now

Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25517 CRITICAL POC Act Now

Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25516 CRITICAL POC Act Now

Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27135 HIGH POC This Week

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ragflow
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-25515 HIGH POC This Week

Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-12368 HIGH POC This Week

Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Odoo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-27110 HIGH POC PATCH This Week

Libmodsecurity is one component of the ModSecurity v3 project. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modsecurity Red Hat Suse
NVD GitHub
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-1648 HIGH POC This Week

The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Yawave PHP
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-36259 HIGH POC This Week

Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Authentication Bypass Odoo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1128 CRITICAL PATCH Act Now

The Everest Forms - Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress Information Disclosure RCE File Upload Everest Forms +1
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2025-22210 HIGH POC This Week

A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hikashop Joomla
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-1641 MEDIUM POC This Month

A vulnerability was found in Benner ModernaNet up to 1.1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Modernanet
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1640 MEDIUM POC This Month

A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Modernanet
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-25514 MEDIUM POC This Month

Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-25574 CRITICAL PATCH GHSA Act Now

`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Lti Jupyterhub Authenticator
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-26966 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent.11.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-26900 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX allows Object Injection.14.27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-11955 MEDIUM POC This Month

A vulnerability was found in GLPI up to 10.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect PHP Glpi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-26974 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection.5.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-26943 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes allows Blind SQL Injection.2.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-1642 MEDIUM POC This Month

A vulnerability was found in Benner ModernaNet up to 1.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modernanet
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1643 MEDIUM POC This Month

A vulnerability was found in Benner ModernaNet up to 1.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Modernanet
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-1644 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Modernanet
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-27148 HIGH PATCH This Week

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Java Apple Windows +3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45421 HIGH This Week

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Meeting Software Development Kit Rooms +5
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2025-26752 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-26915 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection.0.41. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-1675 HIGH PATCH This Week

The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-1673 HIGH This Week

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-1674 HIGH This Week

A lack of input validation allows for out of bounds reads caused by malicious or malformed packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-26985 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support allows PHP Local File Inclusion.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-26598 HIGH PATCH This Week

An out-of-bounds write flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26601 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26600 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26599 HIGH PATCH This Week

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26597 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tigervnc X Server Xwayland Enterprise Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26596 HIGH PATCH This Week

A heap overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26595 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26594 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1204 HIGH This Week

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-26946 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Yelp Review Slider allows Blind SQL Injection.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-26971 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection.6.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-27145 LOW POC PATCH Monitor

copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. Rated low severity (CVSS 3.6), this vulnerability is no authentication required. Public exploit code available.

XSS Copyparty
NVD GitHub
CVSS 3.1
3.6
EPSS
0.1%
CVE-2024-0148 HIGH This Week

NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE Denial Of Service
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-26964 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion.0.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26905 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik allows PHP Local File Inclusion.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26753 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26957 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons allows PHP Local File Inclusion.7.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy