Skip to main content
CVE-2025-24799 HIGH POC THREAT Act Now

GLPI IT asset management platform contains an unauthenticated SQL injection through the inventory endpoint. Attackers can extract the entire GLPI database including asset inventories, user credentials, helpdesk tickets, and IT infrastructure documentation without any authentication.

SQLi Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
55.1%
Threat
4.7
CVE-2024-57169 CRITICAL POC Act Now

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Soplanning
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-2473 MEDIUM POC THREAT This Month

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
13.0%
CVE-2024-44313 HIGH POC PATCH This Week

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Tastyigniter
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2025-25585 HIGH POC This Week

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yimioa
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-2472 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitors Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-57151 MEDIUM POC This Month

SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Xinhu
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-57170 MEDIUM POC This Month

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Denial Of Service Soplanning
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-25582 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25590 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-25580 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yimioa
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-56346 CRITICAL Act Now

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aix
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-25595 CRITICAL Act Now

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Safe
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30123 CRITICAL Act Now

An issue was discovered on ROADCAM X3 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30122 CRITICAL Act Now

An issue was discovered on ROADCAM X3 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30115 CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30113 CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Dr 820 Firmware Android
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-8997 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.187, V4.53. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-47539 CRITICAL Act Now

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56347 CRITICAL Act Now

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Aix
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-2471 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-23943 CRITICAL Act Now

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-30114 CRITICAL Act Now

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-30132 CRITICAL Act Now

An issue was discovered on IROAD Dashcam V devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-2449 HIGH This Week

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Flexlogger
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-25220 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2025-2494 HIGH This Week

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE File Upload Softdial Contact Center
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-2450 HIGH This Week

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vision Builder Ai
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2491 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-30106 HIGH This Week

On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-2490 MEDIUM POC This Month

A vulnerability was found in Dromara ujcms 9.7.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Java Ujcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2493 HIGH This Week

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Softdial Contact Center
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-24801 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Glpi
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2025-0755 HIGH This Week

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Libbson MongoDB
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-21760 HIGH This Week

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Fortisoar
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-21619 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-25586 MEDIUM POC This Month

yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. Rated medium severity (CVSS 4.2). Public exploit code available and no vendor patch available.

Information Disclosure Yimioa
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-25589 HIGH This Week

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Java
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-27688 HIGH This Week

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25500 HIGH PATCH This Week

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cosmwasm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-30116 HIGH This Week

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26137 HIGH This Week

Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Risk Value
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-30111 HIGH This Week

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1468 HIGH CISA This Week

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-30107 HIGH This Week

On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-2262 HIGH This Week

The The Logo Slider - Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2025-30117 HIGH This Week

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-24306 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.6%
CVE-2024-23942 HIGH This Week

A local user may find a configuration file on the client workstation with unencrypted sensitive data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-2489 MEDIUM This Month

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy