Skip to main content
CVE-2025-53833 CRITICAL POC PATCH THREAT Act Now

LaRecipe versions prior to 2.8.1 contain a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) in vulnerable configurations. The vulnerability allows unauthenticated network attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges without requiring user interaction or special access. With a perfect CVSS 3.1 score of 10.0 and network-based attack vector, this represents a critical threat to all unpatched LaRecipe installations.

RCE Laravel PHP Information Disclosure Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
16.8%
Threat
4.0
CVE-2025-50756 CRITICAL POC Act Now

CVE-2025-50756 is a critical unauthenticated command injection vulnerability in the Wavlink WN535K3 router (firmware version 20191010) affecting the set_sys_adm function's newpass parameter. An unauthenticated remote attacker can execute arbitrary system commands with root privileges by sending a crafted request, enabling complete device compromise including data theft, malware installation, and lateral network movement. The CVSS 9.8 score reflects maximum severity; KEV status and active exploitation likelihood are elevated given the high exploitability characteristics (network-accessible, no authentication required, low attack complexity).

Command Injection Wn535k3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-7574 CRITICAL POC Act Now

CVE-2025-7574 is a critical authentication bypass vulnerability in LB-LINK wireless router web interfaces affecting multiple models (BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P, BL-WR9000) up to version 20250702. The vulnerability in the /cgi-bin/lighttpd.cgi reboot/restore functions allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact (CVSS 9.8). A public exploit has been disclosed, the vendor has not responded to responsible disclosure efforts, and the attack requires no user interaction or special network conditions.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-7598 HIGH POC This Week

CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow RCE Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7597 HIGH POC This Week

CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7596 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.

Buffer Overflow Fh1205 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7586 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Ac500 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7551 HIGH POC This Week

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7571 HIGH POC This Week

A critical buffer overflow vulnerability exists in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspApBasicConfigUrcp endpoint's Username parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public proof-of-concept code is available, and the vendor has not responded to early disclosure attempts, indicating no official patch is available.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-7570 HIGH POC This Week

CVE-2025-7570 is a critical remote buffer overflow vulnerability in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspRemoteApConfTempSend endpoint via the remoteSrcTemp parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public exploit exists and the vendor has not responded to early disclosure, indicating active exploitation risk.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53823 HIGH POC PATCH This Week

WeGIA versions prior to 3.4.5 contain a SQL Injection vulnerability in the member deletion endpoint that allows authenticated users to execute arbitrary SQL commands via the `id_socio` parameter. This high-severity vulnerability (CVSS 8.8) compromises the confidentiality, integrity, and availability of the entire database. The vulnerability requires valid credentials to exploit but offers complete database compromise once authenticated.

PHP SQLi Information Disclosure Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-26291 HIGH POC PATCH This Week

A information disclosure vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-42646 HIGH POC This Week

CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted messages. This is a network-accessible DoS vulnerability with high availability impact (CVSS 7.5) that affects message broker deployments. The vulnerability requires no authentication or user interaction, making it easily exploitable in production environments.

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53015 HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53101 HIGH POC PATCH This Week

A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-7603 HIGH POC This Week

CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1, affecting the HTTP Request Handler component (/jingx.asp file). An authenticated remote attacker with high privileges can exploit this vulnerability to achieve complete compromise of the device, including code execution, data theft, and denial of service. A public proof-of-concept exploit exists, increasing real-world exploitation risk.

Buffer Overflow D-Link RCE Di 8100 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-7602 HIGH POC This Week

CVE-2025-7602 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1 affecting the /arp_sys.asp HTTP endpoint. An authenticated remote attacker with high privileges can exploit this vulnerability to achieve arbitrary code execution, potentially compromising device integrity, confidentiality, and availability. Public exploit code is available, elevating real-world risk despite the CVSS 7.2 score.

Buffer Overflow D-Link RCE Di 8100 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-7564 HIGH POC This Week

Hard-coded credentials in LB-LINK BL-AC3600 firmware 1.0.22 allow local authenticated attackers to escalate privileges to full system compromise. The router firmware contains static credentials 'root:blinkadmin' in /etc/shadow, enabling any user with device access to gain root-level control. Publicly available exploit code demonstrates practical exploitation (POC confirmed via GitHub). Despite CVSS 7.1 and low EPSS score (0.03%, 6th percentile), this represents a complete device takeover for home/SOHO networks where physical or admin panel access exists. Vendor (LB-LINK) unresponsive to disclosure attempts, indicating no patch is forthcoming.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-52363 MEDIUM POC This Month

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Authentication Bypass Cp3 Pro Firmware Tenda
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-42649 MEDIUM POC This Month

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53640 MEDIUM POC PATCH This Month

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.

Information Disclosure Python Indico
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-42648 MEDIUM POC This Month

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

Buffer Overflow Memory Corruption Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53822 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `tipo_relatorio` parameter. Version 3.4.5 has a patch for the issue.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53820 MEDIUM POC PATCH This Month

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5 contains a patch for the issue.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7451 CRITICAL PATCH Act Now

CVE-2025-7451 is a critical OS Command Injection vulnerability in iSherlock (developed by Hgiga) that allows unauthenticated remote attackers to execute arbitrary operating system commands on vulnerable servers with no authentication required. The vulnerability has active in-the-wild exploitation, carries a maximum CVSS score of 9.8, and poses immediate risk to all exposed instances. Organizations running iSherlock must apply patches immediately.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-53639 CRITICAL PATCH Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-51650 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

File Upload PHP RCE Command Injection Foxcms
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-53825 CRITICAL PATCH Act Now

CVE-2025-53825 is a critical unauthenticated remote code execution vulnerability in Dokploy versions prior to 0.24.3, where attackers can execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This vulnerability affects all public Dokploy instances utilizing preview deployments and carries a CVSS score of 9.4 (Critical), with no authentication or user interaction required, making it immediately exploitable by any network-adjacent attacker.

RCE Dokploy
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2025-7587 MEDIUM POC This Month

CVE-2025-7587 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cover.php endpoint where uname and psw parameters are not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, authentication bypass, and database manipulation. The vulnerability has been publicly disclosed with working exploits available, making active exploitation highly probable in the wild.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7576 MEDIUM POC This Month

CVE-2025-7576 is a critical improper access control vulnerability affecting Teledyne FLIR thermal imaging devices (FB-Series O and FH-Series) running firmware version 1.3.2.16 and earlier. An unauthenticated remote attacker can exploit the vulnerable /priv/production/production.html endpoint to gain unauthorized access with low complexity, potentially reading, modifying, or disrupting system availability. Public exploit code exists and the vendor has not responded to disclosure, increasing real-world exploitation risk.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7604 MEDIUM POC This Month

PHPGurukul Hospital Management System 4.0 contains a critical SQL injection vulnerability in the /user-login.php file's Username parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, enabling unauthorized access to sensitive hospital patient data, user credentials, and potential system compromise. With a CVSS score of 7.3 and an attack vector requiring only network access and no authentication, this represents an immediate threat to healthcare organizations running affected versions.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7595 MEDIUM POC This Month

A critical SQL injection vulnerability exists in code-projects Job Diary 1.0 via the ID parameter in /view-cad.php, allowing unauthenticated remote attackers to execute arbitrary SQL commands and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and while the CVSS score is 7.3 (High), the unauthenticated attack vector and low complexity suggest active exploitation is likely. No patch has been confirmed available as of this analysis.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7594 MEDIUM POC This Month

CVE-2025-7594 is a critical SQL injection vulnerability in code-projects Job Diary version 1.0 affecting the /view-emp.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the low attack complexity combined with network accessibility makes this a high-priority threat requiring immediate patching.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7593 MEDIUM POC This Month

CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7612 MEDIUM POC This Month

CVE-2025-7612 is a critical SQL injection vulnerability in code-projects Mobile Shop 1.0 affecting the /login.php file's email parameter, allowing remote unauthenticated attackers to execute arbitrary SQL queries and potentially extract or modify sensitive data. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild. With a CVSS score of 7.3 and demonstrated public PoC availability, this represents an immediate threat to deployments of this product.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7611 MEDIUM POC This Month

CVE-2025-7611 is a critical SQL injection vulnerability in code-projects Wedding Reservation version 1.0, affecting the /global.php file's 'lu' parameter. Remote unauthenticated attackers can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7610 MEDIUM POC This Month

CVE-2025-7610 is a critical SQL injection vulnerability in code-projects Electricity Billing System 1.0 affecting the password change functionality at /user/change_password.php. An unauthenticated remote attacker can inject arbitrary SQL commands through the new_password parameter to read, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation highly probable.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7609 MEDIUM POC This Month

CVE-2025-7609 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /register.php endpoint via the ruser_email parameter. An unauthenticated remote attacker can exploit this to read, modify, or delete database contents, potentially compromising user data and application integrity. Public exploit code exists, increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7608 MEDIUM POC This Month

CVE-2025-7608 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /userlogin.php endpoint's user_email parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept exploit code available, and while the CVSS score is 7.3 (moderate-to-high severity), the low attack complexity and lack of authentication requirements make this a high-priority exploit target for threat actors.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7607 MEDIUM POC This Month

CVE-2025-7607 is a critical SQL injection vulnerability in code-projects Simple Shopping Cart 1.0 affecting the /Customers/save_order.php file, where the order_price parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a public exploit disclosure and carries a CVSS score of 7.3 with demonstrated real-world exploitation potential, making it a high-priority security concern for affected deployments.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7605 MEDIUM POC This Month

CVE-2025-7605 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /profile.php endpoint via the first_name parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. Public exploit code is available and the vulnerability is likely to be actively exploited given its network-accessible nature, low attack complexity, and lack of authentication requirements.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7606 MEDIUM POC This Month

CVE-2025-7606 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 affecting the /city.php file, where the 'city' parameter is improperly sanitized, allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has a CVSS score of 7.3 (High) with confirmed public exploit disclosure and active exploitation potential, enabling attackers to read, modify, or delete database contents without authentication.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-51651 MEDIUM POC This Month

A arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.

PHP Information Disclosure Mccms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-51660 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51659 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51658 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51657 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51656 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51655 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51654 MEDIUM POC This Month

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy