Skip to main content
CVE-2025-6095 MEDIUM POC THREAT This Month

A SQL injection vulnerability (CVSS 7.3). Risk factors: EPSS 28% exploitation probability, public PoC available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
28.2%
CVE-2025-5990 HIGH POC PATCH This Week

Stored cross-site scripting (XSS) vulnerability in Crafty Controller that allows authenticated attackers to inject malicious JavaScript through the Server Name form and API Key form components. An attacker with valid credentials can craft malicious input that persists in the application, executing arbitrary scripts in other users' browsers with the same security context. While CVSS 7.6 indicates high severity and the vulnerability requires low attack complexity with network accessibility, real-world risk is constrained by the requirement for prior authentication and user interaction.

XSS Crafty Controller
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-6091 HIGH This Week

A critical buffer overflow vulnerability exists in H3C GR-3000AX V100R007L50 within the UpdateWanParamsMulti/UpdateIpv6Params functions of /routing/goform/aspForm that allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability is actively exploitable; however, the vendor has assessed the risk as low and has not committed to immediate patching, despite confirmed existence of the issue.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6090 HIGH This Week

Critical buffer overflow vulnerability in H3C GR-5400AX V100R009L50 routers affecting the UpdateWanparamsMulti and UpdateIpv6params functions. An authenticated remote attacker can manipulate the 'param' argument to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, availability impact). A public proof-of-concept exists and the vulnerability is confirmed by the vendor, though they have deprioritized remediation despite the CVSS 8.8 score and active disclosure.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1411 HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker Security Verify Directory
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-25573 MEDIUM This Month

Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.

XSS
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-22854 MEDIUM PATCH This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-5964 MEDIUM PATCH This Month

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.

Path Traversal M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6094 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6093 MEDIUM This Month

A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The manipulation of the argument num leads to stack-based buffer overflow. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36041 MEDIUM This Month

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Information Disclosure IBM Supplied Mq Advanced Container Images Mq Operator
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-21085 LOW PATCH Monitor

A security vulnerability in PingFederate OAuth2 grant duplication in PostgreSQL persistent storage (CVSS 2.1) that allows oauth2 requests. Remediation should follow standard vulnerability management procedures.

PostgreSQL Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6092 LOW Monitor

A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6089 LOW Monitor

A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Open Redirect
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy