Skip to main content
CVE-2025-4918 CRITICAL POC PATCH Act Now

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-4815 MEDIUM POC This Month

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4389 CRITICAL Act Now

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2025-4391 CRITICAL Act Now

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2025-4919 HIGH PATCH This Week

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-33103 HIGH This Week

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-4194 MEDIUM This Month

The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-4189 MEDIUM This Month

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-4842 HIGH POC This Week

A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dcs 932l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-4841 HIGH POC This Week

A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dcs 932l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-4921 Awaiting Data

Rejected reason: Duplicate of CVE-2025-4919. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4920 Awaiting Data

Rejected reason: Duplicate of CVE-2025-4918. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4839 LOW POC Monitor

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Java Paicoding
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-4838 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4837 MEDIUM POC This Week

A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Project Allocation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4836 MEDIUM POC This Week

A vulnerability was found in Projectworlds Life Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Life Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4835 HIGH This Month

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-13965 Awaiting Data

Rejected reason: wrong year. No vendor patch available.

Information Disclosure
NVD
CVE-2024-13964 Awaiting Data

Rejected reason: wrong year. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4834 HIGH This Month

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-47948 HIGH PATCH This Month

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-47945 CRITICAL POC PATCH Act Now

Donetick an open-source app for managing tasks and chores. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Donetick
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-4833 HIGH This Month

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-4832 HIGH This Month

A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-4831 HIGH This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-4830 HIGH This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-47931 LOW POC PATCH Monitor

LibreNMS is PHP/MySQL/SNMP based network monitoring software. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-47273 HIGH POC PATCH This Month

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python RCE Path Traversal Setuptools Debian Linux +2
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2025-4829 HIGH This Month

A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4827 HIGH This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4101 MEDIUM PATCH Monitor

The MultiVendorX - WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass Multivendorx PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-48187 CRITICAL POC PATCH Act Now

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ragflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-4669 MEDIUM PATCH This Month

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Booking Calendar PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3888 MEDIUM PATCH This Month

The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Jupiter X Core PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-3527 MEDIUM This Month

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventon PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13613 HIGH PATCH This Month

The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Wise Chat
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-4826 HIGH This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4825 HIGH This Month

A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4824 HIGH This Month

A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4823 HIGH This Month

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A702r Firmware A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2025-4610 MEDIUM This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4819 LOW POC Monitor

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-4190 HIGH POC This Month

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Csv Mass Importer PHP
NVD WPScan
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-3812 HIGH This Month

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2025-4818 MEDIUM POC This Week

A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4817 MEDIUM POC This Week

A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4816 MEDIUM POC This Week

A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4814 MEDIUM POC This Week

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1706 HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47893 MEDIUM This Month

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy