Skip to main content
CVE-2025-45240 MEDIUM POC This Month

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Foxcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-43849 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.3%
CVE-2025-29573 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mezzanine
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-45751 MEDIUM POC This Month

SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-43852 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43851 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43850 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43848 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43847 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43846 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-1909 CRITICAL Act Now

The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple WordPress Authentication Bypass Buddyboss Platform PHP
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-4052 CRITICAL PATCH Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-4318 CRITICAL Act Now

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
9.5
EPSS
0.2%
CVE-2025-46719 MEDIUM POC PATCH GHSA This Month

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python RCE XSS Open Webui
NVD GitHub
CVSS 4.0
5.4
EPSS
0.2%
CVE-2025-45236 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbsyncer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-46559 MEDIUM POC PATCH This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Misskey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4259 MEDIUM POC This Month

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Newbee Mall
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4291 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Ideacms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-45320 MEDIUM POC This Month

A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Service Management Portal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-45239 MEDIUM POC This Month

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Foxcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-4260 MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-43845 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
2.2%
CVE-2025-4282 MEDIUM POC This Month

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-46571 MEDIUM POC PATCH GHSA This Month

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Open Webui
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-43842 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
2.0%
CVE-2025-43844 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.9%
CVE-2025-24977 CRITICAL PATCH Act Now

OpenCTI is an open cyber threat intelligence (CTI) platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Opencti
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-43843 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.3%
CVE-2025-4267 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4286 MEDIUM POC This Month

A vulnerability was found in Intelbras InControl up to 2.21.59. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Incontrol Web
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4257 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4256 MEDIUM POC This Month

A vulnerability classified as problematic was found in SeaCMS 13.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2905 CRITICAL PATCH Act Now

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-4279 HIGH This Week

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-4096 HIGH PATCH This Week

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3583 MEDIUM POC This Month

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-4050 HIGH PATCH This Week

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-4293 MEDIUM POC This Month

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4292 MEDIUM POC This Month

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mrcms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-20668 HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-45242 HIGH This Week

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PHP Rhymix
NVD GitHub
CVSS 3.1
7.7
EPSS
0.4%
CVE-2025-20666 HIGH This Week

In Modem, there is a possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nr15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-20667 HIGH This Week

In Modem, there is a possible information disclosure due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lr12a Lr13 Nr15 Nr16 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-46731 HIGH PATCH This Week

Craft is a content management system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

RCE Ssti Craft Cms
NVD GitHub
CVSS 4.0
7.3
EPSS
0.9%
CVE-2025-0217 HIGH This Week

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privileged Remote Access
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-4272 HIGH This Week

A vulnerability was found in Mechrevo Control Console 1.0.2.70. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-46340 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misskey
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-20671 HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-43915 MEDIUM PATCH This Month

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0-2.13.7, 2.14.0-2.14.10, 2.15.0-2.15.7, 2.16.0-2.16.4, and 2.17.0-2.17.1, resource exhaustion can occur. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buoyant Linkerd Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-39363 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Login And Registration
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy