Skip to main content
CVE-2025-48827 CRITICAL POC THREAT Emergency

vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 are vulnerable to remote code execution through crafted template conditional expressions. Attackers abuse PHP's alternative function invocation syntax to bypass template engine security checks and execute arbitrary PHP code, as actively exploited in the wild in May 2025.

Information Disclosure PHP Vbulletin
NVD
CVSS 3.1
10.0
EPSS
69.4%
Threat
5.6
CVE-2025-48828 CRITICAL POC THREAT Emergency

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025.

PHP RCE Vbulletin
NVD
CVSS 3.1
9.0
EPSS
73.7%
Threat
5.5
CVE-2025-5245 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5244 MEDIUM POC PATCH This Month

A vulnerability was found in GNU Binutils up to 2.44. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5268 HIGH PATCH This Week

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-5269 HIGH PATCH This Week

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-5270 HIGH PATCH This Week

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-5272 HIGH PATCH This Week

Memory safety bugs present in Firefox 138 and Thunderbird 138. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-48798 HIGH PATCH This Week

A flaw was found in GIMP when processing XCF image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48797 HIGH PATCH This Week

A flaw was found in GIMP when processing certain TGA image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48796 HIGH PATCH This Week

A flaw was found in GIMP. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5222 HIGH PATCH This Week

A stack buffer overflow was found in Internationl components for unicode (ICU ). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE International Components For Unicode
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-5271 MEDIUM PATCH This Month

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-3704 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.5.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-5267 MEDIUM PATCH This Month

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47090 MEDIUM This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagvis
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5264 MEDIUM PATCH This Month

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5265 MEDIUM PATCH This Month

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5278 MEDIUM PATCH This Month

A flaw was found in GNU Coreutils. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Stack Overflow
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-5266 MEDIUM PATCH This Month

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-5263 MEDIUM PATCH This Month

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-48370 LOW PATCH Monitor

auth-js is an isomorphic Javascript library for Supabase Auth. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
2.7
EPSS
0.2%
CVE-2025-2826 LOW Monitor

n affected platforms running Arista EOS, ACL policies may not be enforced. Rated low severity (CVSS 2.6). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
2.6
EPSS
0.1%
CVE-2025-2796 MEDIUM This Month

On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-45094 MEDIUM This Month

IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Hardware Management Console R10 0 Firmware Hardware Management Console R9 4 Firmware Hardware Management Console R9 3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-11185 MEDIUM This Month

On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-40911 MEDIUM PATCH This Month

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-32440 CRITICAL This Week

NetAlertX is a network, presence scanner and alert framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Netalertx
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-5283 MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +2
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-5281 MEDIUM PATCH This Month

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-5280 HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5279 HIGH PATCH This Month

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Python Red Hat
NVD GitHub
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-5198 MEDIUM This Month

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes XSS Advanced Cluster Security Stackrox Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-5067 MEDIUM PATCH This Month

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5066 MEDIUM PATCH This Month

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5065 MEDIUM PATCH This Month

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5064 MEDIUM PATCH This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5063 HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-46173 MEDIUM POC This Month

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Exam Mastering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-45529 HIGH POC This Month

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Siteserver Cms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-13966 MEDIUM This Month

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-5252 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-45475 MEDIUM POC This Month

maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-49197 MEDIUM This Month

An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Samsung Exynos 980 Firmware Exynos 850 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-5251 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5250 MEDIUM POC This Week

A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5249 MEDIUM POC This Week

A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-48057 CRITICAL PATCH This Week

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Icinga Suse
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-23247 MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy