Skip to main content
CVE-2025-32015 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue.

RCE XSS Debian Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-31136 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren't sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox="allow-scripts allow-same-origin"` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue.

PHP RCE XSS Debian Freshrss
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-5606 MEDIUM POC This Month

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Ac18 Firmware Tenda
NVD VulDB
CVSS 3.1
6.3
EPSS
1.5%
CVE-2025-46204 MEDIUM POC This Month

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.

Privilege Escalation Unifiedtransform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46203 MEDIUM POC This Month

An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.

Privilege Escalation Unifiedtransform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5573 MEDIUM POC This Month

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Dcs 932l Firmware D-Link
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2025-5569 MEDIUM POC This Month

A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.

SQLi Ideacms
NVD VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-5571 MEDIUM POC This Month

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Dcs 932l Firmware D-Link
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-5552 MEDIUM POC This Month

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Deserialization Chestnutcms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5618 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5617 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5616 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5613 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5612 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5582 MEDIUM POC This Month

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5615 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5614 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5611 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5566 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5558 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5557 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5556 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5554 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5546 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5610 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-29094 MEDIUM POC This Month

Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.

RCE XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-48934 MEDIUM POC PATCH This Month

A security vulnerability in Deno (CVSS 5.3). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Deno Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48888 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.

Authentication Bypass Deno Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5545 MEDIUM POC This Month

A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Java Path Traversal Oa System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46339 MEDIUM POC PATCH This Month

A security vulnerability in FreshRSS (CVSS 4.3). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Debian Freshrss
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31482 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

CSRF Denial Of Service Debian Freshrss
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-4580 MEDIUM POC This Month

The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

WordPress CSRF File Provider PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-22244 MEDIUM This Month

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

XSS VMware Telco Cloud Infrastructure Telco Cloud Platform Vmware Nsx +1
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-20984 MEDIUM This Month

Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

Privilege Escalation Samsung Wear Os
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48959 MEDIUM PATCH This Month

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-5690 MEDIUM PATCH This Month

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

PostgreSQL Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23106 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1480 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23101 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1380 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23096 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 2200 Firmware Exynos 1380 Firmware Exynos 2400 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23095 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 1480 Firmware Exynos 2400 Firmware Exynos 1280 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46011 MEDIUM PATCH This Month

Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.

SQLi Listmonk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5539 MEDIUM PATCH This Month

The Simple Contact Form Plugin for WordPress - WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Wp Easy Contact PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-5532 MEDIUM This Month

The Campus Directory - Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-5531 MEDIUM This Month

The Employee Directory - Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-20981 MEDIUM This Month

Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-20273 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

XSS Cisco Unified Intelligent Contact Management Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-20278 MEDIUM This Month

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

Command Injection Cisco Socialminer Unified Communications Manager Im And Presence Service Finesse +5
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-22245 MEDIUM This Month

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

XSS VMware Vmware Nsx Cloud Foundation Telco Cloud Platform +1
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-48960 MEDIUM PATCH This Month

CVE-2025-48960 is a security vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

Microsoft Apple Information Disclosure Windows macOS
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2025-20985 MEDIUM This Month

A security vulnerability in ThemeManager (CVSS 5.5) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy