Skip to main content
CVE-2025-47827 MEDIUM POC KEV THREAT This Month

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Authentication Bypass Windows 11 24h2 Igel Os Windows Server 2016 Windows 11 22h2 +13
NVD GitHub
CVSS 3.1
4.6
EPSS
1.8%
Threat
4.0
CVE-2025-5701 HIGH POC THREAT Act Now

The HyperComments WordPress plugin versions up to 1.2.2 contain a critical missing capability check vulnerability in the hc_request_handler function that allows unauthenticated remote attackers to modify arbitrary WordPress options without authentication. This can be directly exploited to escalate privileges by changing the default registration role to administrator and enabling user registration, granting attackers immediate administrative access to vulnerable sites. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses an extreme risk to any unpatched WordPress installation using the affected plugin.

WordPress Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
13.8%
CVE-2025-5623 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.

Buffer Overflow D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-5630 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.

Buffer Overflow D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-5624 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.

Buffer Overflow D-Link Dir 816 Firmware RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-5622 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.

Buffer Overflow D-Link Stack Overflow RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-1793 CRITICAL POC PATCH Act Now

Critical SQL injection vulnerability affecting run-llama/llama_index v0.12.21 and potentially other versions, present in multiple vector store integrations. Attackers can execute arbitrary SQL commands without authentication to read and write data, potentially compromising data belonging to other users in web applications leveraging this library. With a CVSS 9.8 severity score, network-accessible attack vector, and no authentication required, this vulnerability poses an immediate and severe risk to production deployments.

SQLi Authentication Bypass Llamaindex Red Hat
NVD GitHub
CVSS 3.0
9.8
EPSS
0.0%
CVE-2025-5685 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

Buffer Overflow Ch22 Firmware Tenda RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-5621 HIGH POC This Week

A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

Command Injection D-Link RCE Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.0%
CVE-2025-5620 HIGH POC This Week

A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.

Command Injection D-Link RCE Ipsec Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.0%
CVE-2025-5667 HIGH POC This Week

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated remote attackers to cause information disclosure, integrity compromise, and denial of service. The vulnerability has been publicly disclosed with exploit code available, making it a high-priority threat for any organization running vulnerable FTP server instances.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5666 HIGH POC This Week

Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to achieve arbitrary code execution with low-impact consequences (confidentiality, integrity, and availability). The vulnerability has been publicly disclosed with exploit code available, making it a significant risk for exposed FTP deployments; however, the CVSS 7.3 score reflects moderate rather than critical severity due to limited impact scope.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5665 HIGH POC This Week

Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with confidentiality, integrity, and availability impact. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to exposed FTP server instances. With a CVSS score of 7.3 and network-based attack vector requiring no privileges or user interaction, this represents a significant risk to unpatched deployments.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5664 HIGH POC This Week

Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve information disclosure or integrity compromise. The vulnerability is classified as critical by the vendor, has a disclosed proof-of-concept, and poses immediate risk to exposed FTP servers; however, the CVSS 7.3 score reflects moderate actual impact (low confidentiality, integrity, and availability) rather than critical severity.

Buffer Overflow Freefloat Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5637 HIGH POC This Week

Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's SYSTEM Command Handler that allows unauthenticated remote attackers to cause denial of service and potentially execute arbitrary code with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild against unpatched systems.

Buffer Overflow Ftp Denial Of Service Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5636 HIGH POC This Week

Critical buffer overflow vulnerability in the SET Command Handler of PCMan FTP Server 2.0.7 that allows remote attackers to cause denial of service and potentially execute arbitrary code with no authentication required. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to unpatched FTP server deployments. With a CVSS score of 7.3 and low attack complexity, this vulnerability represents a significant risk to organizations running vulnerable versions.

Buffer Overflow Ftp Denial Of Service Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5635 HIGH POC This Week

Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 affecting the PLS Command Handler component. Remote attackers can exploit this flaw without authentication or user interaction to achieve confidentiality, integrity, and availability impacts. Public exploit code is available and the vulnerability may be actively exploited in the wild.

Buffer Overflow Ftp Denial Of Service Pcman Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5634 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.

Buffer Overflow Ftp Denial Of Service Ftp Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-5663 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Auto Taxi Stand Management System version 1.0, specifically in the /admin/search-autoortaxi.php file's 'searchdata' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit proof-of-concept code available, creating immediate risk of active exploitation.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5639 HIGH POC This Week

Critical SQL injection vulnerability in PHPGurukul Notice Board System 1.0 affecting the /forgot-password.php endpoint via the email parameter. An unauthenticated remote attacker can exploit this with low complexity to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the underlying database. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5626 HIGH POC This Week

A SQL injection vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.

PHP SQLi Online Teacher Record Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5625 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Online Teacher Record Management System version 1.0, specifically in the /search-teacher.php file's 'searchteacher' parameter. An unauthenticated remote attacker can exploit this flaw to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of teacher records. The vulnerability has been publicly disclosed with exploit code available, making active exploitation likely in the wild.

PHP SQLi Online Teacher Record Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5650 HIGH POC This Week

Critical SQL injection vulnerability in 1000projects Online Notice Board version 1.0 affecting the /register.php file's fname parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate or modify database contents. The vulnerability has been publicly disclosed with exploit code availability, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector requiring no authentication, this poses significant risk to organizations using this software, though CVSS does not reflect the severity as 'critical' (which typically requires CVSS ≥9.0).

PHP SQLi Online Notice Board
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5631 HIGH POC This Week

Critical SQL injection vulnerability in the /publicposts.php file of Content Management System and News-Buzz version 1.0 by code-projects/anirbandutta9. The vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands through the 'post' parameter, potentially enabling unauthorized data access, modification, or deletion. A public exploit has been disclosed and the vulnerability is exploitable with low attack complexity, making it an active threat.

PHP SQLi Content Management System News Buzz RCE
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5677 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0 affecting the /admin/ajax.php?action=save_application endpoint. An unauthenticated remote attacker can manipulate the position_id parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5676 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0, affecting the authentication endpoint at /admin/ajax.php?action=login. An unauthenticated remote attacker can manipulate the Username parameter to execute arbitrary SQL queries, potentially leading to unauthorized access, data exfiltration, or database manipulation. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5675 HIGH POC This Week

Critical SQL injection vulnerability in Campcodes Online Teacher Record Management System version 1.0, affecting the administrative report functionality at /trms/admin/bwdates-reports-details.php. An unauthenticated remote attacker can manipulate the fromdate/todate parameters to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk.

PHP SQLi Online Teacher Record Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-5680 MEDIUM POC This Month

A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Deserialization Java Agilebpm
NVD VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2025-5679 MEDIUM POC This Month

A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Deserialization Java Agilebpm
NVD VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2025-5670 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Medical Card Generation System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5669 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Medical Card Generation System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5668 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Medical Card Generation System
NVD VulDB GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5660 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5659 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5652 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5638 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5633 MEDIUM POC This Month

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi News Buzz Content Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5632 MEDIUM POC This Month

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Content Management System News Buzz
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5694 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5693 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5674 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5658 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5657 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5656 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5654 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5653 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5655 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5627 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-47966 CRITICAL Act Now

Critical information disclosure vulnerability in Microsoft Power Automate that allows unauthenticated remote attackers to expose sensitive information and escalate privileges across a network without requiring user interaction. With a CVSS score of 9.8 and an unauthenticated attack vector, this vulnerability represents an immediate and severe risk to organizations using Power Automate; exploitation is likely being actively pursued given the severity metrics and network-accessible nature of the vulnerability.

Information Disclosure Power Automate For Desktop
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2025-5704 MEDIUM POC This Month

Critical SQL injection vulnerability in code-projects Real Estate Property Management System version 1.0, specifically in the /Admin/User.php file's txtUserName parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. Public exploit disclosure and active exploitation risk make this a high-priority remediation target.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy