Skip to main content
CVE-2025-40664 CRITICAL Act Now

Missing authentication vulnerability in TCMAN GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-40665 HIGH This Week

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Gim
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-39498 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-5212 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Employee Record Management System 1.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5211 MEDIUM POC This Week

A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5210 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5208 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5207 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Database Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5206 MEDIUM POC This Month

A vulnerability classified as critical was found in Pixelimity 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pixelimity
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5205 MEDIUM POC This Week

A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily College Class Work Report Book
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5204 MEDIUM POC PATCH Monitor

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5203 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5202 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5201 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5200 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-46802 MEDIUM PATCH This Month

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-23395 HIGH PATCH This Month

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-23394 CRITICAL PATCH This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.8.4-2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-23392 MEDIUM PATCH This Month

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Suse
NVD
CVSS 4.0
5.6
EPSS
0.3%
CVE-2025-46803 MEDIUM PATCH This Month

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-37992 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5196 HIGH POC This Month

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Wing Ftp Server Red Hat
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
1.5%
CVE-2025-46805 MEDIUM PATCH This Month

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-46804 LOW Monitor

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-5186 MEDIUM POC This Month

A vulnerability was found in thinkgem JeeSite up to 5.11.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jeesite
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5185 MEDIUM This Month

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-40667 HIGH This Month

Missing authorization vulnerability in TCMAN's GIM v11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gim
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40666 HIGH This Month

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Gim
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-40663 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-40653 MEDIUM This Month

User enumeration vulnerability in M3M Printer Server Web. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-40652 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-40650 HIGH This Month

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-5184 MEDIUM This Month

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Vacation Rental Management Platform
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5183 MEDIUM This Month

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Vacation Rental Management Platform
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-5182 MEDIUM POC This Month

A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vacation Rental Management Platform
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5181 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vacation Rental Management Platform
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-5180 HIGH POC This Month

A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Information Disclosure Filmora
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-5179 MEDIUM Monitor

A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Queue Ticket Kiosk
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-5178 MEDIUM This Month

A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload Queue Ticket Kiosk
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5177 MEDIUM This Month

A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Queue Ticket Kiosk
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4057 MEDIUM PATCH This Month

A flaw was found in ActiveMQ Artemis. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4053 MEDIUM This Month

The data stored in Be-Tech Mifare Classic card is stored in cleartext. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-40672 HIGH This Month

A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40671 CRITICAL This Week

SQL injection vulnerability in AES Multimedia's Gestnet v1.07. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-35003 CRITICAL POC Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Buffer Overflow RCE Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-41655 HIGH This Month

An unauthenticated remote attacker can access a URL which causes the device to reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-41654 HIGH This Month

An unauthenticated remote attacker can access information about running processes via the SNMP protocol. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2025-1985 MEDIUM This Month

Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-5176 MEDIUM This Month

A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Queue Ticket Kiosk
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-5175 MEDIUM POC PATCH Monitor

A vulnerability was found in erdogant pypickle up to 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Pypickle
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy