Skip to main content
CVE-2025-27520 CRITICAL POC PATCH THREAT Act Now

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deserialization. The serving endpoint accepts pickled Python objects that are deserialized without validation, allowing attackers to execute arbitrary code on any BentoML inference server.

Python RCE Deserialization Bentoml
NVD GitHub
CVSS 3.1
9.8
EPSS
87.3%
Threat
6.1
CVE-2025-2075 HIGH POC PATCH THREAT Act Now

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0%.

WordPress Authentication Bypass Privilege Escalation Uncanny Automator PHP
NVD
CVSS 3.1
8.8
EPSS
25.0%
Threat
4.0
CVE-2025-28146 CRITICAL POC THREAT Emergency

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

RCE Command Injection Code Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2024-11235 CRITICAL POC PATCH Act Now

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption PHP RCE Red Hat +1
NVD GitHub
CVSS 4.0
9.2
EPSS
1.5%
CVE-2025-3259 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx3 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
2.1%
CVE-2025-3236 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-3237 MEDIUM POC This Month

A vulnerability was found in Tenda FH1202 1.2.0.14(408). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Fh1202 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-3199 MEDIUM POC PATCH This Month

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3266 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tinywebserver
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3202 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Java Ruoyi Ai
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-3216 MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3186 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Doctor Appointment Booking System Php And Mysql
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3240 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3231 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Zoo Management System 2.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3217 MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3213 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3195 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3188 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3187 MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-13645 CRITICAL Act Now

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2025-2798 CRITICAL Act Now

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Woffice PHP
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-2244 CRITICAL Act Now

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization Gravityzone
NVD
CVSS 4.0
9.5
EPSS
1.9%
CVE-2024-51800 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-29476 MEDIUM POC This Month

Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de627157208e49bfef6987 in c-blosc2 v.2.17.0 and before. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-32257 MEDIUM POC This Month

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2025-31403 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.0.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-3267 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tinywebserver
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3257 MEDIUM POC This Month

A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Admintwo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3235 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3209 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3205 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Grading System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3245 MEDIUM POC This Month

A vulnerability was found in itsourcecode Library Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Library Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3241 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3256 MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Admintwo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3211 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3210 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3208 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3207 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3206 MEDIUM POC This Month

A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3243 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-32118 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP - Coming Soon & Maintenance allows Using Malicious Files.1.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-31480 CRITICAL Act Now

aiven-extras is a PostgreSQL extension. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Privilege Escalation
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-3229 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-25000 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass Google Edge Chromium +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-3251 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admintwo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3219 MEDIUM POC This Month

A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Perfex Crm
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3253 MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admintwo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3252 MEDIUM POC This Month

A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admintwo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2780 HIGH This Week

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload Woffice PHP
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2025-32146 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy