Skip to main content
CVE-2025-27636 MEDIUM POC PATCH THREAT This Month

Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 47.8%.

Microsoft Apache Authentication Bypass Java Camel +1
NVD GitHub
CVSS 3.1
5.6
EPSS
47.8%
CVE-2025-2129 MEDIUM POC This Month

A vulnerability was found in Mage AI 0.9.75. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
5.4%
CVE-2025-2113 MEDIUM POC This Month

A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Atsvd
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1382 MEDIUM POC This Month

The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Contact Us PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-2126 MEDIUM POC This Month

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical.php/properties/list/list-with-sidebar/realties of the component GET Parameter Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Jux Real Estate Joomla
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2127 MEDIUM POC This Month

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Jux Real Estate Joomla
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2115 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Warehouse Refinement Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2121 MEDIUM POC This Month

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure F800 Pro Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2132 MEDIUM POC This Month

A vulnerability classified as critical has been found in ftcms 2.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ftcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2130 MEDIUM POC This Month

A vulnerability was found in OpenXE up to 1.12. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openxe
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2123 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Geshi
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2131 MEDIUM POC This Month

A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xunruicms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-1362 MEDIUM POC This Month

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Url Shortener Conversion Tracking Ab Testing Woocommerce PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-1363 LOW POC Monitor

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortener Conversion Tracking Ab Testing Woocommerce PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-2118 MEDIUM This Month

A vulnerability was found in Quantico Tecnologia PRMV 6.48. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-2120 LOW POC Monitor

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure F800 Pro Firmware
NVD GitHub VulDB
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-2122 LOW POC Monitor

A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service F800 Pro Firmware
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-2114 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7.asp of the component Reset Password Interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-2125 MEDIUM This Month

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Id Rhid
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2116 MEDIUM This Month

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2117 MEDIUM This Month

A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2124 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2119 LOW Monitor

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-26205 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-26204 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy