Skip to main content
CVE-2024-48248 HIGH POC KEV THREAT Act Now

NAKIVO Backup & Replication contains an absolute path traversal allowing unauthenticated remote attackers to read arbitrary files, including configuration files with cleartext credentials for physical discovery operations.

RCE Path Traversal Backup Replication Director
NVD GitHub
CVSS 3.1
8.6
EPSS
94.0%
Threat
7.5
CVE-2025-22224 CRITICAL KEV THREAT CERT-EU Emergency

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host.

Buffer Overflow VMware ESXi Cloud Foundation Telco Cloud Infrastructure +2
NVD
CVSS 3.1
9.3
EPSS
52.7%
CVE-2025-26319 CRITICAL POC THREAT Emergency

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Unauthenticated attackers can upload malicious files including executable scripts, achieving remote code execution on the Flowise server.

File Upload Flowise
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
77.0%
Threat
5.8
CVE-2025-22225 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel.

Memory Corruption Buffer Overflow VMware ESXi Cloud Foundation +2
NVD
CVSS 3.1
8.2
EPSS
7.9%
CVE-2025-22226 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware ESXi Cloud Foundation +4
NVD
CVSS 3.1
7.1
EPSS
6.8%
CVE-2025-1307 CRITICAL PATCH Act Now

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9%.

RCE WordPress Authentication Bypass Newscrunch PHP
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2025-23368 HIGH POC PATCH This Week

A flaw was found in Wildfly Elytron integration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wildfly Core Data Grid Jboss Enterprise Application Platform
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2020-23438 HIGH POC This Week

Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filmora
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-41147 HIGH POC This Week

An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Miniaudio
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-1937 HIGH POC PATCH This Week

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-25426 HIGH POC This Week

yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yshopmall
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-1899 HIGH POC This Week

A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-1898 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1897 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1896 HIGH POC This Week

A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1895 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1925 MEDIUM POC This Month

A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2025-1903 MEDIUM POC This Month

A vulnerability was found in Codezips Online Shopping Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1902 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1959 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1901 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1900 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1956 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Portal
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1952 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1954 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Metapneumovirus Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1894 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-1639 HIGH This Week

The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Arolax PHP
NVD
CVSS 3.1
8.8
EPSS
9.6%
CVE-2025-26182 MEDIUM POC This Month

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Java Novel Plus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-0912 CRITICAL PATCH Act Now

The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress PHP RCE Deserialization Givewp
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2025-1946 MEDIUM POC This Month

A vulnerability was found in hzmanyun Education and Training System 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
4.8%
CVE-2024-50707 CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2025-1947 MEDIUM POC This Month

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.9%
CVE-2024-50704 CRITICAL Act Now

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Tripleplay
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-1942 CRITICAL PATCH Act Now

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird <. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-50706 CRITICAL Act Now

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Tripleplay
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-26136 CRITICAL Act Now

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mysiteforme
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27510 CRITICAL Act Now

conda-forge-metadata provides programatic access to conda-forge's metadata. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-1890 MEDIUM POC This Month

A vulnerability has been found in shishuocms 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Shishuocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-13685 MEDIUM POC This Month

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Admin And Site Enhancements
NVD WPScan
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1958 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in aaluoxiang oa_system 1.0.xml. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oa System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1893 MEDIUM POC PATCH This Month

A vulnerability was found in Open5GS up to 2.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1949 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025.php of the component URL Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1961 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Church Management Software
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1891 MEDIUM POC This Month

A vulnerability was found in shishuocms 1.1 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Shishuocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-11957 CRITICAL Act Now

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Information Disclosure Windows
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-1941 CRITICAL PATCH Act Now

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-1260 CRITICAL Act Now

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-1957 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1906 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1905 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy