Skip to main content
CVE-2025-27134 HIGH POC PATCH THREAT Act Now

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Authentication Bypass Privilege Escalation Joplin
NVD GitHub
CVSS 3.1
8.8
EPSS
13.4%
CVE-2025-32444 CRITICAL POC PATCH Act Now

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Vllm Red Hat
NVD GitHub
CVSS 3.1
10.0
EPSS
2.5%
CVE-2025-45017 CRITICAL POC Act Now

A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2025-45018 CRITICAL POC Act Now

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-44192 CRITICAL POC Act Now

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-46558 CRITICAL POC PATCH Act Now

XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
3.0%
CVE-2025-32973 CRITICAL POC PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
2.2%
CVE-2025-4142 HIGH POC This Week

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4141 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-4140 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow Ex6120 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-46342 HIGH POC PATCH This Week

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Kubernetes Authentication Bypass Kyverno Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2025-44193 HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-27409 HIGH POC PATCH This Week

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Joplin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-30202 HIGH POC PATCH This Week

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-44194 HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-45020 HIGH POC This Week

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-4112 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4108 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46560 MEDIUM POC PATCH This Month

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-45015 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Park Ticketing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-32970 MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-30390 CRITICAL Act Now

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Machine Learning
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2025-30392 CRITICAL Act Now

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-45019 MEDIUM POC This Month

A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-45011 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45010 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45009 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-4113 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4111 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4110 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4109 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-45021 MEDIUM POC This Month

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Directory Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46554 MEDIUM POC PATCH This Month

XWiki is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32974 CRITICAL PATCH Act Now

XWiki is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%
CVE-2025-4120 HIGH This Week

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-3471 MEDIUM POC This Month

The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sureforms PHP
NVD WPScan
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-4139 HIGH This Week

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Ex6120 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-24351 HIGH This Week

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4116 HIGH This Week

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-4115 HIGH This Week

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-4114 HIGH This Week

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Buffer Overflow Jwnr2000 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-45007 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Time Table Generator System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-27611 HIGH PATCH This Week

base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-30389 HIGH This Week

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Ai Bot Service
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2025-21416 HIGH This Week

Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Azure Virtual Desktop
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-9876 HIGH This Week

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3394 HIGH This Week

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-46557 HIGH PATCH This Week

XWiki is a generic wiki platform. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 4.0
8.4
EPSS
0.4%
CVE-2025-3395 HIGH This Week

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.8.0. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Automation Builder
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-32777 HIGH PATCH This Week

Volcano is a Kubernetes-native batch scheduling system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Privilege Escalation Elastic Denial Of Service Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy