Skip to main content
CVE-2025-46348 CRITICAL POC PATCH Act Now

YesWiki is a wiki system written in PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Yeswiki
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-25962 CRITICAL Act Now

An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-25403 CRITICAL Act Now

Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-0520 CRITICAL PATCH Act Now

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.8.7. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 4.0
9.4
EPSS
2.0%
CVE-2025-40618 CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-40617 CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-40619 CRITICAL Act Now

Bookgy does not provide for proper authorisation control in multiple areas of the application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bookgy
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-4083 CRITICAL PATCH Act Now

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy