Skip to main content
CVE-2025-3248 CRITICAL POC KEV PATCH THREAT Act Now

Langflow before 1.3.0 allows unauthenticated remote code injection through the /api/v1/validate/code endpoint, enabling attackers to execute arbitrary Python code on the server without authentication.

Authentication Bypass Langflow
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.1%
Threat
7.7
CVE-2025-28412 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28410 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28406 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28405 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28402 CRITICAL POC Act Now

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-28409 HIGH POC This Week

{parentId} endpoint does not properly validate whether the requesting user has permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-28407 HIGH POC This Week

{dictId} endpoint does not properly validate whether the requesting user has permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-3328 HIGH POC This Week

A vulnerability was found in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-3380 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3379 MEDIUM POC This Month

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3377 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3376 MEDIUM POC This Month

A vulnerability was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3373 MEDIUM POC This Month

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3372 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3371 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3349 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-3345 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3344 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3343 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3342 MEDIUM POC This Month

A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3341 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3340 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3339 MEDIUM POC This Month

A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3338 MEDIUM POC This Month

A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3334 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3333 MEDIUM POC This Month

A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3332 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3331 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3330 MEDIUM POC This Month

A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3383 MEDIUM POC This Month

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3370 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3350 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3353 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-3337 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-3335 MEDIUM POC This Month

A vulnerability was found in codeprojects Online Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-28401 MEDIUM POC This Month

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ruoyi
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2025-28400 MEDIUM POC This Month

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ruoyi
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2025-29482 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libheif Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-20654 CRITICAL Act Now

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Software Development Kit Mt7622 +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-29480 MEDIUM POC This Month

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Gdal Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-29478 MEDIUM POC This Month

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-3381 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-46494 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typecho
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-3369 MEDIUM POC This Month

A vulnerability was found in xxyopen Novel-Plus 5.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus D-Link
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3348 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3347 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3388 MEDIUM POC This Month

A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3326 MEDIUM POC This Month

A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Iboot
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3327 MEDIUM POC This Month

A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Iboot
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy