Skip to main content
CVE-2025-34065 MEDIUM POC This Month

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34053 MEDIUM POC This Month

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34051 MEDIUM POC This Month

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Information Disclosure SSRF
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-50405 MEDIUM POC This Month

Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.

Authentication Bypass Rx 1500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50641 MEDIUM POC This Month

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

Buffer Overflow Tenda
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6224 MEDIUM POC PATCH This Month

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

Information Disclosure Ubuntu Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-34052 MEDIUM This Month

Rejected reason: An unauthenticated endpoint that exposes firmware version, MAC address, and supported codecs is not indicative of a security boundary being crossed, as this metadata is not. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Information Disclosure
NVD Exploit-DB GitHub
CVSS 4.0
6.9
EPSS
14.0%
CVE-2025-6963 MEDIUM POC This Month

A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6962 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6961 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6960 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6959 MEDIUM POC This Month

A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6958 MEDIUM POC This Month

A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6957 MEDIUM POC This Month

A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6956 MEDIUM POC This Month

A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6955 MEDIUM POC This Month

A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6954 MEDIUM POC This Month

A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6938 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6937 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6936 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6935 MEDIUM POC This Month

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-50404 MEDIUM POC This Month

Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array.

Buffer Overflow Integer Overflow Rx 1500 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-34050 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

CSRF
NVD GitHub Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-6081 MEDIUM This Month

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-27153 MEDIUM PATCH This Month

A security vulnerability in is a ticket escalation process helper for GLPI. (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6756 MEDIUM PATCH This Month

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Ultimate Addons For Contact Form 7 PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5314 MEDIUM This Month

The Dear Flipbook - PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-34080 MEDIUM PATCH This Month

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.

PHP XSS Conprosys Hmi System
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-2141 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM 3948 Vef Firmware 3948 Ved Firmware 3957 Ved Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-45083 MEDIUM This Month

CVE-2025-45083 is a security vulnerability (CVSS 6.1) that allows attackers. Remediation should follow standard vulnerability management procedures.

Google Apple Authentication Bypass Android iOS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53103 MEDIUM PATCH This Month

A security vulnerability in JUnit (CVSS 5.8). Remediation should follow standard vulnerability management procedures.

Information Disclosure Java Ubuntu Debian Red Hat +1
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-52294 MEDIUM This Month

Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance.

Authentication Bypass
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-34062 MEDIUM PATCH This Month

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token-which may be retrievable from host registry keys or improperly secured logs-can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.

Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-49483 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Kestrel Lapwing Linux Falcon Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49482 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Kestrel Lapwing Linux Falcon Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49481 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Lapwing Linux Kestrel Falcon Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49491 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Kestrel Falcon Linux Lapwing Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49488 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Falcon Linux Kestrel Lapwing Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49490 MEDIUM This Month

Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Lapwing Linux Kestrel Falcon Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49489 MEDIUM This Month

Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Falcon Linux Lapwing Linux Kestrel
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-5072 MEDIUM This Month

Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

Information Disclosure Kestrel Falcon Linux Lapwing Linux
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-46259 MEDIUM PATCH This Month

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-53096 MEDIUM PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510.

XSS Sunshine
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36056 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM 3948 Vef Firmware 3948 Ved Firmware 3957 Ved Firmware
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6920 MEDIUM This Month

A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.

Authentication Bypass Ai Inference Server Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5967 MEDIUM This Month

A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.

XSS Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-36582 MEDIUM PATCH This Month

Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Dell Information Disclosure Networker
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-6600 MEDIUM This Month

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy