Skip to main content
CVE-2025-2563 HIGH POC THREAT Act Now

The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

WordPress Privilege Escalation User Registration Membership PHP
NVD WPScan
CVSS 3.1
8.1
EPSS
83.9%
Threat
5.6
CVE-2025-31490 HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3556 MEDIUM POC This Month

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ecommerce Website In Php
NVD VulDB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2025-3555 MEDIUM POC This Month

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ecommerce Website In Php
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-9230 MEDIUM POC This Month

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpress
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-1782 CRITICAL Act Now

Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. No vendor patch available.

Red Hat Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-22371 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-3593 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3558 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3587 MEDIUM POC This Month

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3585 MEDIUM POC This Month

A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3564 MEDIUM POC This Month

A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3557 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Ecommerce Website In Php
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3561 MEDIUM POC This Month

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3559 MEDIUM POC This Month

A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3553 MEDIUM POC This Month

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpshe
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3589 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Class Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3554 MEDIUM POC This Month

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpshe
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3569 MEDIUM POC This Month

A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Db Hospital Drug
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-22372 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32931 CRITICAL Act Now

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-3565 MEDIUM POC This Month

A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-3563 MEDIUM POC This Month

A vulnerability was found in WuzhiCMS 4.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Wuzhicms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-3592 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3591 MEDIUM POC This Month

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog Layui
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3570 MEDIUM POC This Month

A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Db Hospital Drug
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3560 MEDIUM POC This Month

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uzy Ssm Mall
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3568 MEDIUM POC This Month

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-29720 MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-3546 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Magic Nx15 Firmware Magic Nx30 Pro Firmware Magic Nx400 Firmware Magic R3010 Firmware +1
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
1.0%
CVE-2025-22373 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-3545 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3544 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3543 HIGH This Week

A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3542 HIGH This Week

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-2160 HIGH This Week

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-32913 HIGH PATCH This Week

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-32906 HIGH PATCH This Week

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-32908 HIGH PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3572 HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-32914 HIGH PATCH This Week

Out-of-bounds read in libsoup's soup_multipart_new_from_message() function allows remote attackers to disclose sensitive memory contents and potentially crash server applications. Malicious HTTP clients can trigger this memory safety flaw (CWE-125) by sending crafted multipart messages to libsoup-based servers, affecting Red Hat Enterprise Linux distributions and Debian systems. With EPSS at 0.52% (67th percentile) and no confirmed active exploitation, this represents moderate real-world risk requiring assessment of deployment exposure to untrusted HTTP clients.

Information Disclosure Buffer Overflow
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2025-31344 HIGH PATCH This Week

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Red Hat Suse
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-2161 HIGH PATCH This Week

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform Suse
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-27009 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.6.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-3277 MEDIUM PATCH CISA This Month

An integer overflow can be triggered in SQLite’s `concat_ws()` function. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Sqlite Red Hat +1
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2025-3566 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-32912 MEDIUM PATCH This Month

A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-32910 MEDIUM PATCH This Month

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-49825 MEDIUM This Month

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-43851 MEDIUM This Month

IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Aspera Console
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy