Skip to main content
CVE-2025-54068 CRITICAL POC KEV PATCH THREAT Act Now

Laravel Livewire v3 through v3.6.3 contains a critical remote code execution vulnerability (CVE-2025-54068, CVSS 9.8) that allows unauthenticated attackers to execute commands through improper hydration of component property updates. KEV-listed with EPSS 16%, this vulnerability affects one of the most popular PHP frameworks, potentially compromising thousands of Laravel applications using Livewire for reactive server-side rendering.

Laravel PHP RCE Code Injection Livewire
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
16.0%
Threat
5.4
CVE-2025-53867 CRITICAL Act Now

Remote code execution in Island Lake Consulting's WebBatch prior to version 2025C allows remote attackers to run arbitrary code by supplying a crafted URL. Rated CVSS 9.8 with an unauthenticated network vector (PR:N/UI:N), the flaw stems from code injection (CWE-94) in the product's URL handling, giving full confidentiality, integrity, and availability compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-interaction profile makes it a high-priority patch candidate.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-7757 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Land Record System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7752 MEDIUM POC This Month

A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7751 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7765 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7764 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7750 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7749 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7753 MEDIUM POC This Month

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-53816 MEDIUM POC PATCH CISA This Month

Heap buffer overflow in 7-Zip's RAR5 handler writes zeroes beyond allocated heap memory, causing memory corruption and denial of service in versions prior to 25.0.0. Local attackers can trigger this vulnerability by crafting malicious RAR5 archive files. Publicly available exploit code exists, making this a moderate-priority local vulnerability despite its network-isolated attack surface.

Heap Overflow Denial Of Service Buffer Overflow 7 Zip Suse
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7398 HIGH This Week

Weak cryptography in Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 exposes local communications on internal ports 9000 and 8036 to potential decryption and tampering. Local attackers with no privileges can compromise confidentiality and integrity of data transmitted through these internal service ports. No public exploit identified at time of analysis. EPSS data not available, but the local attack vector (AV:L) limits remote exploitation risk despite the 8.6 CVSS score.

Information Disclosure Brocade Active Support Connectivity Gateway
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-6391 HIGH This Week

JSON Web Token exposure in Brocade Active Support Connectivity Gateway (ASCG) prior to version 3.3.0 enables high-privileged local attackers to extract unencrypted authentication tokens from log files, leading to unauthorized access and session hijacking. This CWE-532 (insertion of sensitive information into log file) vulnerability requires local access with high privileges but presents low attack complexity. EPSS data not provided; no confirmed active exploitation (not present in CISA KEV); no public exploit code identified at time of analysis. The CVSS 4.0 score of 7.1 reflects significant confidentiality and integrity impact within the vulnerable component scope.

Information Disclosure Authentication Bypass Brocade Active Support Connectivity Gateway
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-7759 LOW POC PATCH Monitor

Server-side request forgery (SSRF) in thinkgem JeeSite up to version 5.12.0 allows authenticated remote attackers to manipulate the Source argument in the UEditor Image Grabber component (ActionEnter.java), enabling arbitrary HTTP requests from the vulnerable server with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and a patch has been released by the vendor.

Java SSRF Jeesite
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7763 LOW POC PATCH Monitor

Open redirect vulnerability in JeeSite up to version 5.12.0 allows unauthenticated remote attackers to redirect users to arbitrary external websites via a crafted redirect parameter in the Site Controller select function. The vulnerability requires user interaction (clicking a malicious link) but carries low integrity impact through browser-based redirection. Publicly available exploit code exists, and a patch is available from the vendor; however, the EPSS score of 0.11% indicates low real-world exploitation probability despite public disclosure.

Java Open Redirect Jeesite
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7755 LOW POC Monitor

Unrestricted file upload in code-projects Online Ordering System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/edit_product.php, enabling remote code execution. The vulnerability affects the admin product editing functionality and has publicly available exploit code; however, the low CVSS score (2.1) and minimal EPSS percentile (26%) indicate limited real-world exploitation despite authenticated access requirements.

PHP Authentication Bypass File Upload Online Ordering System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7756 LOW POC Monitor

Cross-site request forgery (CSRF) vulnerability in code-projects E-Commerce Site version 1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users via a crafted request. The vulnerability requires user interaction (e.g., clicking a malicious link) and affects the integrity of user sessions. Publicly available exploit code exists, though the EPSS score of 0.06% indicates low real-world exploitation probability relative to the attack surface.

CSRF E Commerce Site
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7754 LOW POC Monitor

SQL injection in Patient Record Management System 1.0 via the itr_no parameter in /xray_form.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. The vulnerability requires valid user credentials (PR:L) but can be exploited remotely over the network. Public exploit code is available, though real-world exploitation risk remains low given the EPSS score of 0.04% and limited scope of impact (local scope only, no confidentiality/integrity/availability impact to the system itself).

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7729 LOW POC Monitor

Stored cross-site scripting (XSS) in Scada-LTS up to version 2.7.8.1 allows authenticated remote attackers to inject malicious scripts via the Username parameter in the usersProfiles.shtm file, with user interaction required to trigger payload execution. The vulnerability has a very low CVSS score (2.0) due to authentication and user interaction requirements, but public exploit code is available and vendor has confirmed remediation in version 2.8.0.

XSS Scada Lts
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-7728 LOW POC Monitor

Stored cross-site scripting (XSS) in Scada-LTS up to 2.7.8.1 allows authenticated users to inject malicious scripts via the Username parameter in the users.shtm file, enabling session hijacking or credential theft when administrators view affected user profiles. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, resulting in low integrity impact. Public exploit code exists, though active exploitation has not been confirmed beyond disclosure. The vendor confirmed remediation in version 2.8.0.

XSS Scada Lts
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-46102 MEDIUM This Month

Reflected XSS in Beakon Learning Management System SCORM v5.4.3 allows an authenticated remote attacker to inject arbitrary JavaScript into a victim's browser session via the unsanitized `url` parameter of the SCORM loader endpoint. The PoC published on PacketStorm demonstrates direct cookie theft using a `javascript:alert(document.cookie)` payload, confirming the vulnerability is exploitable without specialized tooling. No patch has been identified at time of analysis; no public exploit identified at time of analysis beyond the published PoC, and EPSS at 0.25% (17th percentile) reflects low observed exploitation activity consistent with a niche product.

XSS Learning Management System Sharable Content Object Reference Model
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-7748 LOW Monitor

Reflected cross-site scripting (XSS) in ZCMS 3.6.0 Create Article Page allows authenticated attackers to inject malicious scripts via the Title parameter. The vulnerability requires user interaction (clicking a malicious link) and results in limited impact to integrity, with EPSS score of 0.05% (14th percentile) indicating minimal real-world exploitation probability despite public disclosure.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy