Skip to main content
CVE-2025-30406 CRITICAL POC KEV PATCH THREAT Act Now

Gladinet CentreStack contains a deserialization vulnerability caused by a hardcoded machineKey in the portal, allowing unauthenticated remote code execution through crafted ViewState payloads.

RCE Deserialization Centrestack
NVD
CVSS 3.1
9.0
EPSS
83.4%
Threat
7.3
CVE-2025-31161 CRITICAL POC KEV THREAT CERT-EU Emergency

CrushFTP 10 and 11 contain an authentication bypass allowing takeover of the crushadmin account through a race condition in the AWS4-HMAC authorization method, massively exploited in March-April 2025.

Authentication Bypass Crushftp
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.2%
Threat
7.5
CVE-2025-22457 CRITICAL POC KEV EUVD KEV THREAT CERT-EU Emergency

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated remote code execution, the third major Ivanti VPN zero-day within fifteen months, exploited by UNC5221.

Ivanti Buffer Overflow RCE Stack Overflow Connect Secure +2
NVD
CVSS 3.1
9.0
EPSS
53.7%
Threat
6.4
CVE-2025-2945 CRITICAL POC PATCH THREAT Act Now

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoints. The query_commited and high_availability parameters are passed directly to Python's eval() function, allowing authenticated users to execute arbitrary Python code on the pgAdmin server.

RCE Code Injection Python Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
77.9%
Threat
5.8
CVE-2025-29647 CRITICAL POC Act Now

SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-29369 CRITICAL POC Act Now

Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Matrimonial Site
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-22611 CRITICAL POC Act Now

OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Openemr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-31489 HIGH POC PATCH This Week

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
4.9%
CVE-2025-29570 HIGH POC This Week

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-29504 HIGH POC This Week

Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Student Manage
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3155 HIGH POC PATCH This Week

A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yelp Debian Linux Codeready Linux Builder Codeready Linux Builder For Arm64 +17
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2025-3167 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Ac23 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-3146 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bus Pass Management System
NVD GitHub VulDB Exploit-DB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3185 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3184 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical.php?patientId=1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3183 MEDIUM POC This Month

A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3182 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3181 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3180 MEDIUM POC This Month

A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3178 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3174 MEDIUM POC This Month

A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3173 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3168 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Time Table Generator System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Time Table Generator System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3151 MEDIUM POC This Month

A vulnerability was found in SourceCodester Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3138 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Security Guards Hiring System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3137 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Security Guards Hiring System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3170 MEDIUM POC This Month

A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2784 MEDIUM POC PATCH This Month

A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsoup Codeready Linux Builder Codeready Linux Builder For Arm64 +18
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-2055 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress PHP
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-26817 CRITICAL Act Now

Netwrix Password Secure 9.2.0.32454 allows OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Password Secure
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2025-26818 CRITICAL Act Now

Netwrix Password Secure through 9.2 allows command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Password Secure
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-29064 CRITICAL Act Now

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection X18 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2025-22926 CRITICAL Act Now

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-22930 CRITICAL Act Now

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22929 CRITICAL Act Now

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-22928 CRITICAL Act Now

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-31486 MEDIUM POC PATCH This Month

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2025-3141 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Medicine Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-31911 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection.4.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-3142 MEDIUM POC This Month

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3140 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Medicine Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3134 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3150 MEDIUM POC This Month

A vulnerability was found in itning Student Homework Management System up to 1.2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Student Homework Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3164 MEDIUM POC This Month

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersonic
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-2946 CRITICAL PATCH Act Now

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-45199 HIGH This Week

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45198 HIGH This Week

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-29987 HIGH This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Domain Data Domain Operating System Powerprotect Dm5500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-3161 HIGH This Week

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-30889 HIGH This Week

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection.0.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy