Skip to main content
CVE-2025-8205 LOW POC Monitor

Comodo Dragon up to version 134.0.6998.179 transmits sensitive DNS information in cleartext via its IP DNS Leakage Detector component, allowing remote attackers to intercept and read this data. The vulnerability has a low CVSS score of 2.9 (limited confidentiality impact) but is marked as having publicly available exploit code with difficult exploitation complexity. The vendor was notified but did not respond, and active exploitation is not confirmed despite public disclosure.

Information Disclosure Dragon
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-8174 LOW POC Monitor

Unrestricted file upload in code-projects Voting System 1.0 allows authenticated remote attackers to upload arbitrary files via the photo parameter in /admin/candidates_add.php, potentially enabling remote code execution. The vulnerability requires valid administrative credentials and has been publicly disclosed with exploit code available, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.06% EPSS percentile reflecting low automatable impact and authentication barriers.

PHP Authentication Bypass File Upload Voting System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8191 LOW POC Monitor

Cross-site scripting (XSS) in macrozheng mall up to version 1.0.3 allows authenticated remote attackers to inject malicious scripts via the configUrl parameter in the Swagger UI component (/swagger-ui/index.html). Exploitation requires user interaction (clicking a malicious link) and an authenticated session, limiting attack scope to integrity impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure or patched the vulnerability.

XSS Mall
NVD GitHub VulDB Exploit-DB
CVSS 4.0
2.0
EPSS
0.5%
CVE-2025-8211 LOW POC Monitor

Roothub versions up to 2.6 contain a reflected cross-site scripting (XSS) vulnerability in the SystemConfigAdminController Edit function that allows authenticated users to inject malicious scripts via the web interface. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, limiting its practical impact despite network-accessible delivery. Publicly available exploit code exists, though real-world exploitation risk is low given the EPSS score of 0.06% and the authentication barrier.

Java XSS Roothub
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-8210 LOW POC Monitor

Improper export of Android application components in Yeelink Yeelight App up to version 3.5.4 allows local attackers with user-level privileges to access sensitive application functions through the AndroidManifest.xml configuration of the com.yeelight.cherry component. The vulnerability has a very low real-world impact (CVSS 1.9, EPSS 0.03%) despite public exploit availability, as exploitation requires local device access and user-level privileges, limiting practical attack scenarios to compromised or physically accessible devices.

Information Disclosure Google Yeelight Classic
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8207 LOW POC Monitor

Improper export of Android application components in Canara ai1 Mobile Banking App version 3.6.23 allows local attackers with user-level privileges to access sensitive exported components via AndroidManifest.xml misconfigurations. The vulnerability enables information disclosure with low confidentiality impact. Public exploit code exists but real-world exploitation risk is minimal (EPSS 0.03%, CVSS 1.9) due to requirement for local device access and authenticated user privileges.

Information Disclosure Google Ai1
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8176 LOW POC PATCH Monitor

Use-after-free vulnerability in LibTIFF up to version 4.7.0 affects the get_histogram function in tiffmedian.c, allowing local authenticated attackers to cause denial of service or limited data corruption. Despite a critical severity declaration and publicly available exploit code, the CVSS 4.0 vector assigns a low score (1.9) due to local-only access requirements, high attack complexity constraints, and limited impact scope; EPSS places real exploitation probability at 0.03%, suggesting this remains a low-priority issue in typical deployments.

Buffer Overflow Denial Of Service Libtiff
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8204 LOW POC Monitor

Comodo Dragon browser versions up to 134.0.6998.179 contain an HSTS Handler vulnerability that bypasses security checks for standard compliance, allowing remote attackers with user interaction to disclose sensitive information. The CVSS score of 1.3 reflects high attack complexity and limited integrity impact, but public exploit code is available and the vendor did not respond to early disclosure, leaving affected users without official patches.

Information Disclosure Dragon
NVD VulDB
CVSS 4.0
1.3
EPSS
0.2%
CVE-2025-8206 LOW POC Monitor

Cross-site scripting (XSS) in Comodo Dragon up to version 134.0.6998.179 affects the IP DNS Leakage Detector component, allowing remote attackers to inject malicious scripts. The vulnerability requires user interaction and involves high attack complexity, resulting in limited integrity impact. Public exploit code exists and the vendor has not responded to disclosure, though EPSS scoring (0.05%, 15th percentile) and lack of CISA KEV listing suggest low real-world exploitation likelihood despite proof-of-concept availability.

XSS Dragon
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-8182 LOW Monitor

Weak password requirements in Tenda AC18 firmware version 15.03.05.19 allow remote attackers to conduct brute-force attacks against Samba authentication via the /etc_ro/smb.conf configuration file. The vulnerability requires high attack complexity and has been publicly disclosed, though exploitation difficulty remains elevated. CVSS 2.9 and EPSS 0.07% (20th percentile) indicate low real-world risk despite proof-of-concept availability.

Tenda Information Disclosure Brute Force Ac18 Firmware
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-8189 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_user.php, affecting data confidentiality and integrity. The vulnerability has publicly available exploit code but carries a very low EPSS score (0.06%, percentile 19%), suggesting minimal real-world exploitation risk despite the critical classification and public disclosure.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8188 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /edit_staff.php, affecting database confidentiality and integrity with low severity impact. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% indicate limited real-world exploitation probability despite the vulnerability's technical criticality classification.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8187 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_parcel.php, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed with exploit code available, though CVSS 2.1 and EPSS 0.06% indicate limited real-world impact due to authentication requirement and low technical scope (no confidentiality or integrity impact to the system itself).

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8186 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_branch.php, potentially compromising database confidentiality and integrity. The vulnerability requires valid user credentials (PR:L) but is easily exploitable with low technical complexity. Exploit code has been publicly disclosed, though real-world exploitation likelihood remains low per EPSS score (0.06%).

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8190 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 via the ids parameter in /print_pdets.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact. Despite critical classification, the CVSS v4.0 score of 2.1 reflects low confidentiality, integrity, and availability impact; EPSS exploitation probability is minimal at 0.06% (19th percentile), and the vulnerability requires valid user authentication to trigger.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8203 LOW Monitor

SQL injection in Jingmen Zeyou Large File Upload Control through version 6.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /index.jsp, with publicly available exploit code and vendor non-responsiveness indicating limited remediation prospects.

SQLi File Upload Large File Upload Control
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy