Skip to main content
CVE-2025-43200 MEDIUM KEV PATCH THREAT This Month

A denial of service vulnerability in This (CVSS 4.2). Risk factors: actively exploited (KEV-listed).

Apple Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2025-6132 MEDIUM POC This Month

Critical SQL injection vulnerability in Chanjet CRM 1.0 affecting the /sysconfig/departmentsetting.php endpoint via the gblOrgID parameter. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential, making it a high-priority remediation target despite the moderate CVSS score.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6124 MEDIUM POC This Month

Critical SQL injection vulnerability in code-projects Restaurant Order System version 1.0, affecting the /tablelow.php file's ID parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the restaurant database. The vulnerability has been publicly disclosed with proof-of-concept availability, increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6123 MEDIUM POC This Month

A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6097 MEDIUM POC This Month

A security vulnerability in UTT 进取 750W (CVSS 5.3). Risk factors: public PoC available.

Information Disclosure 750w Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-48992 MEDIUM POC PATCH This Month

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Microsoft XSS Group Office
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-25264 MEDIUM PATCH This Month

CVE-2025-25264 is a security vulnerability (CVSS 6.5) that allows the attacker. Remediation should follow standard vulnerability management procedures.

Java Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-40729 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

PHP RCE XSS Customer Support System
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-46710 MEDIUM This Month

Possible kernel exceptions caused by reading and writing kernel heap data after free.

Use After Free Information Disclosure Memory Corruption Ddk
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-6118 MEDIUM This Month

Das Parking Management System versions up to 6.2.0 contain a critical SQL injection vulnerability in the /vehicle/search API endpoint, specifically in the vehicleTypeCode parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and active exploitation is possible given the CVSS 7.3 score and low attack complexity.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6117 MEDIUM This Month

SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /Reservations/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. Public exploit code is available and the vulnerability may be actively exploited in the wild.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6116 MEDIUM This Month

Critical SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /IntraFieldVehicle/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure available and carries a CVSS score of 7.3 with demonstrated feasibility of remote exploitation.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-2091 MEDIUM PATCH This Month

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Apple Open Redirect Google M Files Mobile Android +1
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40727 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.

RCE XSS
NVD
CVSS 4.0
5.1
EPSS
1.1%
CVE-2025-49134 MEDIUM PATCH This Month

A security vulnerability in Weblate (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Weblate Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-27587 MEDIUM PATCH This Month

A security vulnerability in OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

OpenSSL Information Disclosure Ubuntu Debian Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6099 MEDIUM This Month

A security vulnerability in szluyu99 gin-vue-blog (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-4565 MEDIUM POC PATCH This Month

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Python Denial Of Service Ubuntu Debian Protobuf Python +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-40726 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.

RCE XSS
NVD
CVSS 4.0
5.1
EPSS
0.8%
CVE-2025-2327 MEDIUM This Month

A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-25265 MEDIUM PATCH This Month

A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows a high privileged remote attacker to read files from the system’s file structure.

Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47951 MEDIUM PATCH This Month

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.

Information Disclosure Debian Weblate Suse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-4748 MEDIUM PATCH This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Path Traversal
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-6141 MEDIUM PATCH CISA This Month

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy