Skip to main content
CVE-2025-54782 CRITICAL POC PATCH THREAT Act Now

Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Command Injection RCE Node.js Devtools Integration
NVD GitHub
CVSS 4.0
9.4
EPSS
22.1%
Threat
4.0
CVE-2025-8471 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8493 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8470 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8469 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8468 MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8467 MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8466 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-6754 HIGH This Week

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-8212 MEDIUM This Month

The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2023-32253 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ksmbd component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Linux
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-32255 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ksmbd component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-23290 LOW Monitor

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. Rated low severity (CVSS 2.5). No vendor patch available.

Nvidia Information Disclosure
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-23285 MEDIUM This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23284 HIGH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23288 LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23287 LOW Monitor

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23286 MEDIUM PATCH Monitor

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Microsoft Information Disclosure Windows +1
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-23283 HIGH PATCH This Month

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Nvidia Buffer Overflow RCE Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23281 HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE Use After Free Microsoft +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-23279 HIGH PATCH This Month

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Suse
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-23278 HIGH PATCH This Month

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Windows Suse
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23277 HIGH PATCH This Month

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Linux Microsoft Authentication Bypass Denial Of Service +3
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23276 HIGH This Month

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Microsoft Denial Of Service Path Traversal +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7710 CRITICAL This Week

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-7500 MEDIUM This Month

The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-8488 MEDIUM Monitor

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6722 MEDIUM This Month

The BitFire Security - Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_*. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8400 MEDIUM This Month

The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-8399 MEDIUM This Month

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8391 MEDIUM This Month

The Magic Edge - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6832 MEDIUM This Month

The All in One Time Clock Lite - Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-8317 MEDIUM This Month

The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8152 MEDIUM This Month

The WP CTA - Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6626 MEDIUM Monitor

The ShortPixel Adaptive Images - WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including,. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-4588 MEDIUM This Month

The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8146 MEDIUM This Month

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7694 MEDIUM This Month

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Path Traversal RCE Woffice
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2025-6078 MEDIUM This Month

Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6077 CRITICAL This Week

Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-6076 HIGH This Month

Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54796 HIGH POC PATCH This Month

Copyparty is a portable file server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Copyparty
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54790 CRITICAL This Week

Files is a module for managing files inside spaces and user profiles. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Files
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-54789 MEDIUM PATCH This Month

Files is a module for managing files inside spaces and user profiles. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity.

RCE XSS Files
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-54781 LOW Monitor

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-54386 HIGH PATCH This Month

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Denial Of Service RCE Path Traversal Traefik +2
NVD GitHub
CVSS 4.0
7.3
EPSS
0.9%
CVE-2025-54136 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Cursor
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-54133 MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Information Disclosure Cursor
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy