Skip to main content
CVE-2025-5287 HIGH POC THREAT Act Now

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2025-27703 HIGH This Month

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Secure Access
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-31501 HIGH This Month

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-31500 HIGH This Month

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-30087 HIGH This Month

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Tracker
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-32801 HIGH PATCH This Month

Kea configuration and API directives can be used to load a malicious hook library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4134 HIGH This Month

Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48734 HIGH PATCH This Month

Improper Access Control vulnerability in Apache Commons. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass Java Commons Beanutils +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-45997 HIGH POC This Week

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2025-1753 HIGH POC PATCH This Month

LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection RCE Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-25251 HIGH This Month

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4800 HIGH This Month

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy