Skip to main content
CVE-2025-24799 HIGH POC THREAT Act Now

GLPI IT asset management platform contains an unauthenticated SQL injection through the inventory endpoint. Attackers can extract the entire GLPI database including asset inventories, user credentials, helpdesk tickets, and IT infrastructure documentation without any authentication.

SQLi Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
55.1%
Threat
4.7
CVE-2024-44313 HIGH POC PATCH This Week

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Tastyigniter
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2025-25585 HIGH POC This Week

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Yimioa
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-2449 HIGH This Week

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Flexlogger
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-25220 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2025-2494 HIGH This Week

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE File Upload Softdial Contact Center
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-2450 HIGH This Week

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vision Builder Ai
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-30106 HIGH This Week

On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-2493 HIGH This Week

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Softdial Contact Center
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-24801 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Glpi
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2025-0755 HIGH This Week

The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Libbson MongoDB
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-21760 HIGH This Week

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Fortisoar
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-21619 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-25589 HIGH This Week

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Java
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-27688 HIGH This Week

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25500 HIGH PATCH This Week

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cosmwasm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-30116 HIGH This Week

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26137 HIGH This Week

Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Risk Value
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-30111 HIGH This Week

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1468 HIGH CISA This Week

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-30107 HIGH This Week

On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-2262 HIGH This Week

The The Logo Slider - Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2025-30117 HIGH This Week

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Dr 820 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-24306 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.6%
CVE-2024-23942 HIGH This Week

A local user may find a configuration file on the client workstation with unencrypted sensitive data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30140 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12563 HIGH This Month

The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE LFI WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-30142 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30141 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29907 HIGH POC PATCH This Week

jsPDF is a library to generate PDFs in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jspdf
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy