Skip to main content
CVE-2025-49706 MEDIUM POC KEV PATCH THREAT CERT-EU Act Now

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
59.9%
Threat
8.1
CVE-2025-53512 MEDIUM POC PATCH This Month

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

Information Disclosure Ubuntu Debian Juju Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7160 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
1.9%
CVE-2025-7165 MEDIUM POC This Month

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7164 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7172 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0. This affects an unknown part of the file /headlogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7185 MEDIUM POC This Month

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7184 MEDIUM POC This Month

A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7183 MEDIUM POC This Month

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/customer_account.php. The manipulation of the argument Customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7180 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7179 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Library System 1.0. This vulnerability affects unknown code of the file /add-teacher.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7178 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Food Distributor Site 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7176 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7174 MEDIUM POC This Month

A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation of the argument idn leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7173 MEDIUM POC This Month

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-student.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7171 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7170 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7169 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainer_page.php. The manipulation of the argument location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7168 MEDIUM POC This Month

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7157 MEDIUM POC This Month

A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7155 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7199 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This issue affects some unknown processing of the file /notapprove.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7198 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7197 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7196 MEDIUM POC This Month

A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7193 MEDIUM POC This Month

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/suppliercontroller.php. The manipulation of the argument supplier leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7191 MEDIUM POC This Month

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-53545 MEDIUM This Month

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit ddb439f8eb1816010f2ef653a908648b71f9bba8.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-43001 MEDIUM This Month

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

Privilege Escalation
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-42992 MEDIUM This Month

SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.

Privilege Escalation
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-47999 MEDIUM PATCH This Month

A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 10 1607 Windows Server 2022 23h2 Windows Server 2019 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-48800 MEDIUM PATCH This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1607 Windows Server 2022 Windows 11 23h2 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48003 MEDIUM PATCH This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 22h2 Windows Server 2022 Windows 11 22h2 +8
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-49544 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or bypass security measures. Exploitation of this issue does not require user interaction and scope is changed.

XXE Coldfusion
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48818 MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 11 22h2 Windows 10 1809 Windows 10 22h2 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48001 MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows 10 21h2 +12
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48804 MEDIUM PATCH This Month

A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 23h2 Windows 10 1607 +12
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48811 MEDIUM PATCH This Month

A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2016 Windows 10 1507 +11
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-48803 MEDIUM PATCH This Month

A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 10 21h2 +11
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-0293 MEDIUM This Month

A security vulnerability in Ivanti Connect Secure (CVSS 6.6) that allows a remote authenticated attacker with admin rights. Remediation should follow standard vulnerability management procedures.

Code Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-21426 MEDIUM PATCH This Month

Memory corruption while processing camera TPG write request.

Buffer Overflow Wsa8832 Firmware Wsa8835 Firmware Snapdragon Ar1 Gen 1 Platform Firmware Ssg2115p Firmware +6
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-47978 MEDIUM PATCH This Month

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-40593 MEDIUM This Month

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.

Denial Of Service Simatic Cn 4100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-41665 MEDIUM PATCH This Month

An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.

Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49671 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48802 MEDIUM PATCH This Month

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2022 Windows 11 22h2 +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49681 MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2012 Windows Server 2022 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49670 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7030 MEDIUM PATCH This Month

CVE-2025-7030 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Two Factor Authentication Drupal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5464 MEDIUM This Month

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

Information Disclosure Ivanti Connect Secure
NVD
CVSS 3.1
6.5
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy