Skip to main content
CVE-2025-6018 HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-46171 MEDIUM POC This Month

Uncontrolled resource consumption in vBulletin 3.8.7 allows an authenticated forum user to crash the forum by requesting the misc.php?do=buddylist endpoint when their buddy list is sufficiently large, exhausting server memory and causing a denial-of-service condition. The affected version (3.8.7) is a legacy release of the vBulletin PHP forum software, limiting the real-world attack surface to older, unmaintained deployments. No public exploit identified at time of analysis via CISA KEV, but a publicly available proof-of-concept exists on GitHub; EPSS sits at 0.25% (16th percentile), indicating low exploitation probability in the current threat landscape.

Denial Of Service PHP Vbulletin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-8020 HIGH This Week

Server-Side Request Forgery (SSRF) in the private-ip npm package allows remote unauthenticated attackers to bypass IP filtering by providing multicast addresses (224.0.0.0/4) that the library incorrectly validates as safe, enabling access to internal network resources. This affects all versions of the package with a CVSS 4.0 score of 7.8 (High) and proof-of-concept exploit code is publicly available per the E:P metric. Organizations using private-ip for server-side request validation are at immediate risk of internal network reconnaissance and data exfiltration.

SSRF
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2025-46099 HIGH This Week

Arbitrary command execution in Pluck CMS 4.7.20-dev lets an authenticated administrator upload a crafted PHP file into the albums module directory and then invoke it through the routing logic in albums.site.php, passing OS commands via a GET parameter. The flaw stems from unrestricted file upload (CWE-434) combined with the module directory being directly web-accessible and PHP-executable, turning legitimate album management into a code-execution primitive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, with a low EPSS probability of 0.51% (40th percentile).

PHP File Upload Pluck
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-4411 MEDIUM This Month

Cross-site scripting in Dataprom Informatics PACS-ACSS (Physical Access Control and Security System) affects all versions prior to the 16.05.2025 release, enabling unauthenticated remote attackers to inject and execute malicious scripts in the context of a victim's browser session. The CVSS vector assigns UI:N (no user interaction), which for XSS typically implies stored rather than reflected injection - meaning a payload planted in the system may execute automatically when administrators or operators view affected pages. No public exploit code has been identified at time of analysis, and no active exploitation is confirmed; however, the sensitivity of physical access control systems makes even moderate-severity XSS high-consequence in operational environments.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-6261 MEDIUM This Month

Stored cross-site scripting in Fleetwire Fleet Management WordPress plugin versions up to 1.0.19 allows authenticated contributors and above to inject malicious scripts via the fleetwire_list shortcode due to insufficient input sanitization and output escaping. When site visitors access pages containing the injected shortcode, the attacker's scripts execute in their browsers with access to session cookies and site functionality, enabling credential theft, malware distribution, or defacement. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5753 MEDIUM This Month

Stored Cross-Site Scripting in the Valuation Calculator WordPress plugin (all versions up to 1.3.2) allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript through the 'link' parameter due to insufficient input sanitization and output escaping. Injected scripts execute in the context of any user viewing the affected page, potentially compromising site visitors and enabling session hijacking, credential theft, or malware distribution. No public exploit code or active exploitation has been confirmed at time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5818 MEDIUM This Month

Server-Side Request Forgery in Featured Image Plus - Quick & Bulk Edit with Unsplash WordPress plugin through version 1.6.6 allows authenticated administrators to make arbitrary web requests from the vulnerable server via the fip_get_image_options() function, potentially enabling reconnaissance and modification of internal services. No public exploit code or active CISA KEV confirmation documented; however, the vulnerability requires administrator-level access and presents a CVSS 5.5 score reflecting limited confidentiality and integrity impact.

WordPress SSRF
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-4296 MEDIUM This Month

Open redirect in HotelRunner B2B enables unauthenticated remote attackers to silently forward victims from a trusted HotelRunner domain to an arbitrary external URL via a crafted link. The CVSS Scope:Changed rating reflects that the impact escapes the vulnerable component into the user's browser context, enabling phishing, credential harvesting, or malware delivery under the cover of a legitimate hospitality platform domain. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.17% (38th percentile) indicates low automated exploitation probability at this time.

Open Redirect
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy