Skip to main content
CVE-2025-46348 CRITICAL POC PATCH Act Now

YesWiki is a wiki system written in PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Yeswiki
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-45956 HIGH POC This Week

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Laboratory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-46349 HIGH POC PATCH This Week

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Yeswiki
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-4079 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftp Server
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-46338 MEDIUM POC PATCH This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Audiobookshelf
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4074 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4073 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4071 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4070 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4058 MEDIUM POC This Month

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4060 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46347 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Yeswiki
NVD GitHub
CVSS 4.0
5.8
EPSS
4.0%
CVE-2025-1194 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46346 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2025-25962 CRITICAL Act Now

An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-25403 CRITICAL Act Now

Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-0520 CRITICAL PATCH Act Now

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.8.7. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 4.0
9.4
EPSS
2.0%
CVE-2025-4078 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-4076 MEDIUM POC This Month

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4072 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-40618 CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-40617 CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-4080 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40619 CRITICAL Act Now

Bookgy does not provide for proper authorisation control in multiple areas of the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-4083 CRITICAL PATCH Act Now

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-2817 HIGH PATCH This Week

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24252 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32354 HIGH This Week

In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zimbra Collaboration Suite
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4077 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects School Billing System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow School Billing System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4068 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Simple Movie Ticket Booking System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4059 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Prison Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4063 MEDIUM POC This Month

A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Student Information Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4062 MEDIUM POC This Month

A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Theater Seat Booking System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4061 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clothing Store Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-29906 HIGH This Week

Finit is a fast init for Linux systems. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-46549 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-46550 MEDIUM POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-3501 HIGH PATCH This Week

A flaw was found in Keycloak. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-4091 HIGH PATCH This Week

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-4093 HIGH PATCH This Week

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-23181 HIGH This Week

CWE-250: Execution with Unnecessary Privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-23180 HIGH This Week

CWE-250: Execution with Unnecessary Privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-3891 HIGH PATCH This Week

A flaw was found in the mod_auth_openidc module for Apache httpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-24206 HIGH This Week

An authentication issue was addressed with improved state management. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-23177 HIGH This Week

CWE-427: Uncontrolled Search Path Element. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-23178 HIGH This Week

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-30194 HIGH PATCH This Week

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-46350 LOW POC PATCH Monitor

YesWiki is a wiki system written in PHP. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-57698 HIGH This Week

An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modernwms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy