Skip to main content
CVE-2025-45956 HIGH POC This Week

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Laboratory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-46349 HIGH POC PATCH This Week

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Yeswiki
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-2817 HIGH PATCH This Week

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24252 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32354 HIGH This Week

In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zimbra Collaboration Suite
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-29906 HIGH This Week

Finit is a fast init for Linux systems. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-3501 HIGH PATCH This Week

A flaw was found in Keycloak. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-4091 HIGH PATCH This Week

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-4093 HIGH PATCH This Week

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-23181 HIGH This Week

CWE-250: Execution with Unnecessary Privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-23180 HIGH This Week

CWE-250: Execution with Unnecessary Privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-3891 HIGH PATCH This Week

A flaw was found in the mod_auth_openidc module for Apache httpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-24206 HIGH This Week

An authentication issue was addressed with improved state management. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-23177 HIGH This Week

CWE-427: Uncontrolled Search Path Element. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-23178 HIGH This Week

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-30194 HIGH PATCH This Week

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57698 HIGH This Week

An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modernwms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-4085 HIGH PATCH This Week

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy