Skip to main content
CVE-2025-29306 CRITICAL POC THREAT Emergency

FoxCMS version 1.2.5 contains an unauthenticated remote code execution vulnerability in the case display page of the index.html component. Attackers can inject and execute arbitrary PHP code on the server through crafted requests to the case display functionality.

RCE Code Injection Foxcms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
84.4%
Threat
6.0
CVE-2025-28138 CRITICAL POC Act Now

The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
7.9%
CVE-2025-30364 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.6%
CVE-2025-30367 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-25686 CRITICAL POC Act Now

semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-30365 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.6%
CVE-2025-2255 HIGH POC This Week

An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-0811 HIGH POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2024-12905 HIGH POC PATCH This Week

An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Red Hat
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-55073 HIGH POC This Week

{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mealie
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-28135 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A810R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2833 MEDIUM POC This Month

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Oneblog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-2846 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-29486 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29497 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29496 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29494 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29492 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29489 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29488 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-26265 MEDIUM POC This Month

A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Openairinterface5G
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29483 MEDIUM POC This Month

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30363 MEDIUM POC This Month

WeGIA is a Web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.2%
CVE-2025-30362 MEDIUM POC This Month

WeGIA is a Web manager for charitable institutions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wegia
NVD GitHub
CVSS 4.0
6.4
EPSS
0.1%
CVE-2025-30366 MEDIUM POC This Month

WeGIA is a Web manager for charitable institutions. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wegia
NVD GitHub
CVSS 4.0
6.2
EPSS
0.1%
CVE-2025-2332 CRITICAL Act Now

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2025-2857 CRITICAL PATCH Act Now

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Mozilla Chrome
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-26909 CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.4.01. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-2516 CRITICAL Act Now

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
9.5
EPSS
0.1%
CVE-2024-55072 MEDIUM POC This Month

{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mealie
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-26898 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.1.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-2847 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2854 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2831 MEDIUM POC This Month

A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Library Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2835 MEDIUM POC This Month

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2832 MEDIUM POC This Month

A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Library Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2855 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Eladmin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
1.0%
CVE-2025-2852 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Ordering Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-26873 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Shine theme Traveler.2.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2025-30891 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion.8.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-30846 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress allows PHP Local File Inclusion.4.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-30772 HIGH This Week

Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-2849 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Upx Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2024-45352 HIGH This Week

An code execution vulnerability exists in the Xiaomi smarthome application product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-30358 HIGH PATCH This Week

Mesop is a Python-based UI framework that allows users to build web applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python RCE Denial Of Service
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2025-22783 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection.4.03. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2025-30355 HIGH PATCH This Week

Synapse is an open source Matrix homeserver implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synapse Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
7.5%
CVE-2025-30819 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways allows SQL Injection.48.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-30810 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smackcoders Lead Form Data Collection to CRM allows Blind SQL Injection.0.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-30806 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque allows SQL Injection.3.4.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy