Skip to main content
CVE-2025-27419 CRITICAL POC PATCH Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wegia
NVD GitHub
CVSS 4.0
9.2
EPSS
0.9%
CVE-2025-25948 CRITICAL POC Act Now

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Student Information System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-26206 CRITICAL POC Act Now

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Storefront
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-1853 HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-53388 HIGH POC This Week

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Mavo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-53387 HIGH POC This Week

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Umeditor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-25302 HIGH POC PATCH This Week

Rembg is a tool to remove images background. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rembg
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-25185 HIGH POC PATCH This Week

GPT Academic provides interactive interfaces for large language models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpt Academic
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-1877 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dap 1562 Firmware
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-1876 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dap 1562 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1858 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1856 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1850 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi College Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1857 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1859 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-25301 MEDIUM POC PATCH This Month

Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Rembg
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27420 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27499 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27417 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-27418 MEDIUM POC PATCH This Month

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.1%
CVE-2025-1864 CRITICAL PATCH Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Radare2 Suse
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-26970 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core ark-core allows Code Injection.71.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-1867 CRITICAL Act Now

A critical HTTP Request/Response Smuggling vulnerability (CWE-444) in ithewei libhv library versions up to 1.3.3 allows attackers to manipulate HTTP request interpretation between frontend and backend servers. With a CVSS 4.0 score of 10.0, this vulnerability requires no authentication or user interaction and can be exploited remotely with low complexity. HTTP smuggling attacks can bypass security controls, poison web caches, hijack user sessions, and enable cross-site scripting, making this particularly dangerous in environments using libhv as a reverse proxy or HTTP server component.

Information Disclosure Request Smuggling
NVD GitHub
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-1866 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access.3.4 and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2024-55532 CRITICAL PATCH Act Now

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Ranger
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-20646 CRITICAL Act Now

In wlan AP FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8262 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.0927. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27270 CRITICAL Act Now

Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-57240 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Webviewer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25949 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Information System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-51091 MEDIUM POC This Month

Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Seajs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1846 MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1849 MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1848 MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1847 MEDIUM POC This Month

A vulnerability was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-25150 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection.1.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-1854 MEDIUM POC This Month

A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1843 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-27268 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes - Worldwide Express Edition allows SQL Injection.2.18. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-26535 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Bitcoin / AltCoin Payment Gateway for WooCommerce allows Blind SQL Injection.7.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-1855 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1875 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1874 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1873 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1872 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1871 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1870 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1869 CRITICAL Act Now

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Online News Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-1889 MEDIUM POC PATCH This Month

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Picklescan
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-10925 MEDIUM POC This Month

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy