Skip to main content
CVE-2025-4759 MEDIUM POC PATCH This Month

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Lockfile Lint Api
NVD GitHub
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-4749 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Di 7003G Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2025-4747 MEDIUM This Month

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4746 MEDIUM POC This Week

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-48175 MEDIUM POC PATCH Monitor

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. Public exploit code available.

Integer Overflow Buffer Overflow Libavif Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.3%
CVE-2025-48174 MEDIUM PATCH Monitor

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Integer Overflow Buffer Overflow Libavif Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.4%
CVE-2025-4745 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4744 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-4743 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4742 MEDIUM Monitor

A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4741 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4740 MEDIUM Monitor

A vulnerability was found in BeamCtrl Airiana up to 11.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4739 MEDIUM POC This Week

A vulnerability was found in projectworlds Hospital Database Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Database Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4169 MEDIUM This Month

The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4736 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4735 MEDIUM POC This Month

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4733 HIGH This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4732 HIGH This Month

A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-47809 HIGH This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-51475 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4731 HIGH This Month

A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4730 HIGH This Month

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4729 MEDIUM This Month

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.4%
CVE-2025-47930 MEDIUM PATCH This Month

Zulip is an open-source team chat application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zulip
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy