Skip to main content
CVE-2025-5616 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5613 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5612 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5582 MEDIUM POC This Month

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5615 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5614 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5611 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5566 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5558 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5557 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5556 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5554 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5546 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5610 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-29094 MEDIUM POC This Month

Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.

RCE XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-5597 CRITICAL Act Now

Auth bypass in Airleader MASTER. CVSS 10.0.

Authentication Bypass
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-20286 CRITICAL Act Now

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

Cisco Oracle Information Disclosure Authentication Bypass Azure +2
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-49223 CRITICAL PATCH Act Now

Prototype pollution in billboard.js before 3.15.1 via generate function.

RCE Denial Of Service Billboard.Js
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-48934 MEDIUM POC PATCH This Month

A security vulnerability in Deno (CVSS 5.3). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Deno Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48888 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.

Authentication Bypass Deno Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5598 CRITICAL Act Now

Path traversal in Airleader MASTER enables reading embedded sensitive data.

Information Disclosure Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-1701 HIGH PATCH This Week

A remote code execution vulnerability in the MIM Admin service (CVSS 8.9). High severity vulnerability requiring prompt remediation.

RCE Privilege Escalation
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-20261 HIGH This Week

Critical authentication bypass vulnerability in Cisco Integrated Management Controller (IMC) across multiple UCS server platforms that allows authenticated remote attackers to escalate privileges and access internal services with elevated permissions via crafted SSH syntax. The vulnerability affects UCS B-Series, C-Series, S-Series, and X-Series servers, enabling attackers to create administrator accounts and modify system configurations. With a CVSS score of 8.8 and low attack complexity requiring only valid credentials, this vulnerability poses significant risk to data center infrastructure and should be prioritized for patching.

Cisco SSH Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5482 HIGH PATCH This Week

The Sunshine Photo Cart plugin for WordPress (versions ≤3.4.11) contains an improper key validation vulnerability in its password reset functionality, allowing authenticated attackers with Subscriber-level privileges to perform privilege escalation by resetting arbitrary user passwords, including administrators. With a CVSS score of 8.8 and a low attack complexity (network-accessible, no user interaction required), this vulnerability poses a critical threat to WordPress installations using this plugin. The vulnerability is likely to be actively exploited given the straightforward attack path and the high-value target (admin account takeover).

WordPress Privilege Escalation PHP Sunshine Photo Cart
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-13967 HIGH This Week

CVE-2024-13967 is an authentication bypass vulnerability in EIBPORT V3 KNX web server that allows unauthenticated attackers to access sensitive configuration pages through the integrated web interface. Affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM through version 3.9.8. Successful exploitation enables complete compromise of the device including confidentiality, integrity, and availability of configuration settings and potentially the entire KNX installation.

Authentication Bypass Siemens Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20163 HIGH This Week

Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).

Information Disclosure Cisco SSH Authentication Bypass Nexus Dashboard
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-5545 MEDIUM POC This Month

A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Java Path Traversal Oa System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46339 MEDIUM POC PATCH This Month

A security vulnerability in FreshRSS (CVSS 4.3). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Debian Freshrss
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31482 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

CSRF Denial Of Service Debian Freshrss
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-4580 MEDIUM POC This Month

The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

WordPress CSRF File Provider PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27811 HIGH This Week

Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.

Privilege Escalation Windows Synapse 4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48947 HIGH PATCH This Week

A security vulnerability in Next.js applications. In Auth0 Next.js SDK (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Next.js Node.js Information Disclosure Authentication Bypass
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2018-25112 HIGH This Week

CVE-2018-25112 is an unauthenticated network-based Denial-of-Service vulnerability affecting IEC 61131-compliant Industrial Logic Controllers (ILCs). An attacker can exhaust device resources by flooding the controller with crafted network traffic, rendering it unresponsive. With a CVSS score of 7.5 (High severity), no authentication required, and network-accessible attack surface, this poses significant risk to industrial control systems; however, exploitation likelihood depends on network exposure and whether patches are available from affected vendors.

Denial Of Service IoT Industrial
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30415 HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Microsoft Apple Denial Of Service Windows macOS
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-22243 HIGH This Week

VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) attacks via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments.

XSS VMware Telco Cloud Platform Cloud Foundation Vmware Nsx +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-5688 HIGH PATCH This Week

Buffer overflow vulnerability (CWE-787: Out-of-bounds Write) in DNS name processing affecting systems running LLMNR or mDNS with Buffer Allocation Scheme 1 enabled. An attacker with local access can trigger out-of-bounds writes by crafting LLMNR/mDNS queries with excessively long DNS names, potentially achieving code execution or system compromise. The vulnerability requires local access (AV:L) but no user interaction or authentication, making it a significant privilege escalation vector on multi-user systems.

Buffer Overflow Denial Of Service DNS
NVD GitHub
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-47728 HIGH PATCH This Week

Local code execution vulnerability in Delta Electronics CNCSoft-G2 resulting from insufficient file validation when processing user-supplied files. An authenticated local attacker can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the affected application. This vulnerability has a CVSS score of 7.3 (High) and requires local access and user interaction, making it a significant risk for organizations deploying CNCSoft-G2 in manufacturing or industrial control environments.

Information Disclosure Cncsoft G2
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47727 HIGH This Week

Local code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While no publicly disclosed POC or active exploitation in the wild has been confirmed, the high CVSS score (7.3) and the file-opening attack vector present moderate risk to users of affected CNCSoft versions.

RCE Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47726 HIGH This Week

Buffer overflow vulnerability (CWE-787) in Delta Electronics CNCSoft that allows local authenticated users to execute arbitrary code by opening a specially crafted malicious file. The vulnerability requires user interaction (file opening) but results in complete compromise of the affected process with high impact to confidentiality, integrity, and availability. No KEV status, EPSS score, or confirmed active exploitation data is available in the provided intelligence.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47725 HIGH This Week

Local arbitrary code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. An attacker with local access can craft a malicious file that, when opened by a user, executes arbitrary code with the privileges of the CNCSoft process. With a CVSS score of 7.3 and CWE-787 (Out-of-bounds Write) classification, this represents a significant local privilege escalation risk, though exploitation requires user interaction and local access.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-47724 HIGH This Week

Local privilege escalation vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While the CVSS score of 7.3 is moderate-to-high, the attack requires local access and user interaction, limiting immediate widespread impact; however, the high integrity and confidentiality impact (CWE-787: Out-of-bounds Write) warrants prompt patching.

Information Disclosure Cncsoft
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48961 HIGH PATCH This Week

Local privilege escalation vulnerability in Acronis Cyber Protect 16 (Windows) caused by insecure folder permissions (CWE-732), allowing authenticated local users to escalate privileges with high confidentiality, integrity, and availability impact. The vulnerability affects Windows installations before build 39938, and while the CVSS score of 7.3 indicates significant risk, exploitation requires local access and user interaction. No public indicators confirm active exploitation in the wild or widespread POC availability at this time.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2024-31127 HIGH PATCH This Week

Privilege escalation vulnerability in Zscaler Client Connector for macOS versions prior to 4.2.0.241, caused by improper verification of loaded libraries. A local attacker with standard user privileges can exploit this weakness without user interaction to gain elevated system privileges, potentially compromising system integrity and confidentiality. The CVSS 7.3 score reflects the moderate-to-high severity of local privilege escalation with high impact on confidentiality and integrity.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22244 MEDIUM This Month

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

XSS VMware Telco Cloud Infrastructure Telco Cloud Platform Vmware Nsx +1
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-20984 MEDIUM This Month

Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

Privilege Escalation Samsung Wear Os
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48959 MEDIUM PATCH This Month

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-5690 MEDIUM PATCH This Month

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1

PostgreSQL Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23106 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1480 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23101 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1380 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23096 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 2200 Firmware Exynos 1380 Firmware Exynos 2400 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy