Skip to main content
CVE-2025-8544 LOW POC Monitor

A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8543 LOW POC Monitor

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8542 LOW POC Monitor

A vulnerability was found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8541 LOW POC Monitor

A vulnerability was found in Portabilis i-Educar 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-50592 MEDIUM This Month

Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8534 LOW POC PATCH Monitor

A vulnerability classified as problematic was found in libtiff 4.6.0. Rated low severity (CVSS 2.0). Public exploit code available.

Denial Of Service
NVD VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-8571 MEDIUM PATCH This Month

Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-44964 LOW Monitor

A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. Rated low severity (CVSS 3.9). No vendor patch available.

Information Disclosure Bluestacks
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2025-8573 LOW POC PATCH Monitor

Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Concrete Cms
NVD Exploit-DB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-53534 HIGH PATCH This Month

RatPanel is a server operation and maintenance management panel. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.7%
CVE-2025-51541 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF XSS Shopware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-45512 MEDIUM POC PATCH This Week

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE U Boot Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50688 MEDIUM POC This Week

A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload RCE Twistedweb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-50454 MEDIUM This Month

An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7674 HIGH This Month

Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-54254 HIGH POC This Month

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Adobe Experience Manager Forms
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-43980 MEDIUM This Month

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43978 HIGH This Month

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-46658 CRITICAL This Week

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Exonaut
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43979 HIGH This Month

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-54874 MEDIUM POC PATCH This Week

OpenJPEG is an open-source JPEG 2000 codec. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Openjpeg Red Hat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-50707 CRITICAL POC Act Now

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Thinkphp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-50706 CRITICAL POC Act Now

An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Thinkphp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-47152 MEDIUM POC This Week

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Pdf Xchange Editor
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46958 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-29745 HIGH This Month

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27931 MEDIUM POC This Week

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Pdf Xchange Editor
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7033 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7032 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Buffer Overflow Stack Overflow Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7025 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-52890 MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54987 CRITICAL PATCH This Week

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
0.8%
CVE-2025-54948 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
4.5%
CVE-2025-5061 HIGH PATCH This Month

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress RCE File Upload Wp Import Export Lite PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-41698 HIGH This Month

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-2810 MEDIUM This Month

A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8315 MEDIUM This Month

The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8313 MEDIUM This Month

The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7050 HIGH This Month

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google File Upload XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-8547 MEDIUM POC PATCH This Month

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pybbs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-54982 CRITICAL This Week

An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-8546 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Pybbs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-54868 HIGH POC PATCH This Month

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy