Skip to main content
CVE-2025-27889 LOW POC PATCH Monitor

CVE-2025-27889 is a security vulnerability (CVSS 3.4). Risk factors: public PoC available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-7407 LOW POC Monitor

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Netgear
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2025-7414 LOW POC Monitor

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-7415 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.6%
CVE-2025-7413 LOW POC Monitor

A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7412 LOW POC Monitor

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7408 LOW POC Monitor

A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-27613 LOW PATCH Monitor

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

Command Injection Ubuntu Debian
NVD GitHub
CVSS 3.1
3.6
EPSS
0.0%
CVE-2023-50458 LOW PATCH Monitor

A security vulnerability in Dradis (CVSS 3.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-49462 LOW PATCH Monitor

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

XSS CSRF
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-6168 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-4972 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy