Skip to main content
CVE-2025-45619 MEDIUM POC This Month

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Command Injection RCE Ptc310Uv2 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-25691 MEDIUM POC This Month

Remote code execution in PrestaShop 8.2.0 is achievable through a PHAR deserialization flaw in the theme import endpoint (/themes/import), where a crafted POST request containing a malicious PHP Archive triggers arbitrary code execution on the server. A publicly available proof-of-concept exploit exists on GitHub, lowering the technical barrier for skilled attackers. No active exploitation has been confirmed in CISA KEV, but the combination of a public POC and a targeted admin-facing endpoint warrants prompt remediation for any deployment on this version.

Command Injection Deserialization RCE Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-25692 MEDIUM POC This Month

Unauthenticated remote code execution in PrestaShop 8.2.0 is achievable via PHAR deserialization in the _getHeaders function, triggered through a crafted POST request. The publicly available proof-of-concept lowers the bar for exploitation against unpatched storefronts. No active KEV listing exists, but the network-accessible attack surface of e-commerce deployments and the confirmed exploit code make this a meaningful priority for PrestaShop 8.2.0 operators despite a low EPSS score of 0.77%.

Command Injection Deserialization RCE Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-8336 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8334 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8333 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8332 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8331 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8330 MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8329 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8328 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8327 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8326 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-43214 MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to improper memory handling in a buffer overflow condition (CWE-119). The vulnerability affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger denial of service by hosting or injecting malicious web content that causes an unexpected browser crash. No public exploit code or active exploitation has been confirmed at time of analysis, though the low EPSS score (0.15%) suggests minimal real-world exploitation likelihood despite the moderate CVSS 6.5 severity.

Apple Ipados Iphone Os Tvos Visionos +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43213 MEDIUM PATCH This Month

Safari and Apple platform web content processing crashes due to a buffer overflow vulnerability when handling maliciously crafted web content. Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Unauthenticated remote attackers can trigger a denial of service by enticing users to visit a malicious webpage, resulting in application crash with no data theft or code execution capability. No public exploit identified at time of analysis; EPSS score of 0.12% indicates low real-world exploitation probability despite moderate CVSS rating.

Apple Ipados Iphone Os Tvos Visionos +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43216 MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS macOS Use After Free +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43212 MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS macOS Memory Corruption +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43240 MEDIUM PATCH This Month

Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Apple Safari macOS Information Disclosure Red Hat +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43211 MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS macOS Denial Of Service +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43229 MEDIUM This Month

Universal cross-site scripting (XSS) in Safari and macOS allows remote attackers to execute arbitrary JavaScript in the context of visited websites by processing maliciously crafted web content. The vulnerability affects Safari 18.5 and earlier, and macOS Sequoia 15.5 and earlier, and is fixed in Safari 18.6 and macOS Sequoia 15.6. Attack requires user interaction (clicking a malicious link or visiting a compromised site) but carries no authentication requirement. EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Apple Safari macOS XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-2593 MEDIUM This Month

A flaw exists within the Linux kernel's handling of new TCP connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Denial Of Service
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2025-38498 MEDIUM PATCH This Month

Denial of service via mount namespace privilege escalation in Linux kernel allows local authenticated users to crash the system by changing propagation settings on mounts outside their namespace. The do_change_type() function in the mount subsystem failed to validate that mounts belong to the caller's namespace, enabling unprivileged users with local access to trigger an availability impact. CVSS 5.5 reflects local authentication requirement and denial of service scope; EPSS 0.04% indicates low real-world exploitation probability despite the vulnerability being patched upstream.

Information Disclosure Linux Debian Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43225 MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Apple iOS macOS Information Disclosure Ipados
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43241 MEDIUM This Month

Improper sandbox enforcement in macOS allows local applications to read files outside their designated sandbox boundaries without user authorization. The vulnerability affects macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, and macOS Ventura before 13.7.7. An attacker controlling a sandboxed application can bypass file access restrictions through a permissions validation flaw, enabling confidentiality breaches of user data outside the app's intended scope. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the medium CVSS rating.

Apple macOS Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43228 MEDIUM PATCH This Month

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS Open Redirect Ipados +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-43206 MEDIUM This Month

Path traversal vulnerability in macOS allows local applications to bypass directory path validation and access protected user data without authentication. Affecting macOS Ventura, Sonoma, and Sequoia, the flaw stems from improper path parsing that enables an unprivileged app to read sensitive files outside intended boundaries. Apple has released patches for all affected versions (Ventura 13.7.7, Sonoma 14.7.7, Sequoia 15.6); exploitation requires local access and app execution capability, resulting in low real-world risk despite moderate CVSS score.

Apple macOS Path Traversal Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43217 MEDIUM This Month

Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Apple iOS Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43265 MEDIUM PATCH This Month

Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS macOS Information Disclosure +7
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43226 MEDIUM This Month

Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Apple iOS macOS Information Disclosure Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43230 MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure Privilege Escalation Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy