Skip to main content
CVE-2025-8227 LOW POC Monitor

Unsafe deserialization in ChanCMS up to version 3.1.2 allows authenticated remote attackers to trigger deserialization vulnerabilities via the taskUrl parameter in the /collect/getArticle endpoint, potentially leading to code execution. The vulnerability has limited confidentiality, integrity, and availability impact per CVSS 4.0 scoring (2.1 score). Publicly available exploit code exists, and the vendor has released patched version 3.1.3.

Deserialization Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-8228 LOW POC Monitor

Server-side request forgery in ChanCMS up to version 3.1.2 allows authenticated attackers to conduct SSRF attacks via the targetUrl parameter in the /cms/collect/getPages endpoint. The CVSS score of 2.1 reflects low confidentiality and integrity impact on the vulnerable component itself, but the publicly disclosed exploit and low EPSS score (0.10%, percentile 26%) suggest this vulnerability carries minimal real-world exploitation risk despite active public disclosure.

SSRF Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8226 LOW POC Monitor

ChanCMS up to version 3.1.2 permits information disclosure through improper validation of accessKey and secretKey parameters in the /sysApp/find endpoint, allowing authenticated remote attackers to access sensitive data. The vulnerability has a low CVSS score of 2.1 (CVSS:4.0/AV:N/AC:L/PR:L) reflecting limited confidentiality impact and requirement for low-privilege authentication, but publicly available exploit code exists and exploitation probability (EPSS 0.09%) is extremely low, suggesting this is a narrow-scope, low-urgency issue despite public disclosure.

Information Disclosure Chancms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8223 LOW POC Monitor

Cross-site request forgery in jerryshensjf JPACookieShop (蛋糕商城JPA版) allows unauthenticated remote attackers to perform unauthorized actions via crafted requests to AdminTypeCustController.java, requiring user interaction. The vulnerability has a low CVSS score of 2.1 but public exploit code is available; however, the extremely low EPSS percentile (23%) suggests minimal real-world exploitation despite public disclosure.

CSRF Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8221 LOW POC Monitor

Reflected cross-site scripting (XSS) in JPACookieShop's GoodsCustController.goodsSearch function allows remote unauthenticated attackers to inject malicious scripts via the keyword parameter, affecting user sessions with minimal complexity. The vulnerability carries a CVSS 2.1 score but requires user interaction (clicking a malicious link), and public exploit code is available. With an EPSS of 0.06% and no confirmed active exploitation in the wild, the real-world risk is low despite the disclosed POC.

XSS Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8222 LOW POC Monitor

Stored cross-site scripting (XSS) in JPACookieShop GoodsController allows authenticated users to inject malicious scripts that execute in other users' browsers, with public exploit code available and CVSS 2.0 reflecting low impact due to required user interaction and authenticated access prerequisites.

XSS Jpacookieshop
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8224 LOW POC Monitor

Null pointer dereference in GNU Binutils 2.44 BFD Library function bfd_elf_get_str_section causes denial of service when processing malformed ELF files locally. The vulnerability requires local access with limited privileges (PR:L) and publicly available exploit code exists, though EPSS scoring (0.04%, 12th percentile) indicates low real-world exploitation probability despite public disclosure.

Denial Of Service
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8225 LOW POC PATCH Monitor

Memory leak in GNU Binutils 2.44 DWARF section handler allows local authenticated users to consume memory resources, potentially leading to denial of service. The vulnerability exists in the process_debug_info function of binutils/dwarf.c and is triggered during DWARF debug information parsing. Publicly available exploit code exists, and a vendor patch has been released.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8230 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited) and EPSS score of 0.06% suggests minimal real-world exploitation probability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8229 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact constrained by the requirement for prior authentication (PR:L) and absence of scope escalation; EPSS scoring of 0.06% indicates low real-world exploitation probability despite public POC availability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy