Skip to main content
CVE-2025-45322 HIGH POC This Week

kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Service Management Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45321 HIGH POC This Week

kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Service Management Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-46335 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Google XSS Apple Mobile Security Framework +3
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-28062 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Erpnext
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-46726 HIGH POC PATCH This Week

Langroid is a framework for building large-language-model-powered applications. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Langroid
NVD GitHub
CVSS 4.0
7.8
EPSS
0.4%
CVE-2025-45610 HIGH POC This Week

Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Passjava
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45614 HIGH POC This Week

Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass One
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45613 HIGH POC This Week

Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Shiro Action
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45609 HIGH POC This Week

Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kob
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45608 HIGH POC This Week

Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xinguan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45237 HIGH POC This Week

Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dbsyncer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-45617 HIGH POC This Week

Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Production Ssm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-43849 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.3%
CVE-2025-43852 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43851 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43850 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43848 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43847 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43846 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
6.0%
CVE-2025-43845 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
2.2%
CVE-2025-43842 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
2.0%
CVE-2025-43844 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.9%
CVE-2025-43843 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.3%
CVE-2025-4279 HIGH This Week

The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-4096 HIGH PATCH This Week

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Heap Overflow Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-4050 HIGH PATCH This Week

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-20668 HIGH This Week

In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-45242 HIGH This Week

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PHP Rhymix
NVD GitHub
CVSS 3.1
7.7
EPSS
0.4%
CVE-2025-20666 HIGH This Week

In Modem, there is a possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nr15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-20667 HIGH This Week

In Modem, there is a possible information disclosure due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lr12a Lr13 Nr15 Nr16 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-46731 HIGH PATCH This Week

Craft is a content management system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

RCE Ssti Craft Cms
NVD GitHub
CVSS 4.0
7.3
EPSS
0.9%
CVE-2025-0217 HIGH This Week

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privileged Remote Access
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-4272 HIGH This Week

A vulnerability was found in Mechrevo Control Console 1.0.2.70. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-46340 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misskey
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-20671 HIGH This Week

In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-27920 HIGH KEV THREAT Act Now

Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters.

Path Traversal Output Messenger
NVD
CVSS 3.1
7.2
EPSS
52.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy