Skip to main content
CVE-2025-34152 CRITICAL POC THREAT Emergency

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
13.7%
CVE-2025-51629 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-47219 HIGH POC PATCH CISA This Week

A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin that allows reading past allocated memory boundaries when parsing specially crafted MP4 files. This affects GStreamer through version 1.26.1 and can lead to information disclosure of heap memory contents. A public proof-of-concept exploit is available, though the EPSS score of 0.09% suggests relatively low exploitation likelihood in the wild.

Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-47188 MEDIUM POC This Month

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2025-47183 MEDIUM POC PATCH This Month

A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin (qtdemux_parse_tree function) when parsing MP4 files, affecting versions through 1.26.1. The vulnerability allows local attackers with user-level privileges who can trick a user into opening a malicious MP4 file to disclose sensitive heap memory contents and potentially cause application crashes. Publicly available proof-of-concept code exists, and while the EPSS score of 0.02% indicates low exploitation probability overall, the presence of public exploits and the information disclosure capability warrant prompt patching.

Information Disclosure Gstreamer Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-52680 MEDIUM POC This Month

EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-41530 CRITICAL Act Now

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-41528 CRITICAL Act Now

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-41527 CRITICAL Act Now

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-41526 CRITICAL Act Now

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-41525 CRITICAL Act Now

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-47808 MEDIUM POC PATCH This Month

A null pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the tmplayer_parse_line function when processing malformed subtitle files. This affects GStreamer through version 1.26.1 and can be triggered by an unauthenticated attacker over the network with moderate complexity, resulting in application crash (denial of service) and potential information disclosure. A public proof-of-concept exploit is available, but the EPSS score of 0.09% (25th percentile) indicates relatively low real-world exploitation probability despite POC availability.

Denial Of Service Gstreamer Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-47806 MEDIUM POC PATCH This Month

GStreamer's subparse plugin contains a stack-based buffer overflow in the parse_subrip_time function that allows attackers to write data past buffer boundaries, resulting in application crashes and potential information disclosure. Affected versions through 1.26.1 are vulnerable when processing specially crafted subtitle files. A proof-of-concept exploit is publicly available, and while the EPSS score of 0.07% suggests low exploitation probability overall, the availability of working exploit code elevates practical risk for systems processing untrusted subtitle content.

Denial Of Service Gstreamer Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-47807 MEDIUM POC PATCH This Month

A NULL pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the subrip_unescape_formatting function, which can crash applications when processing maliciously crafted or malformed subtitle files. GStreamer versions through 1.26.1 are affected, and the vulnerability is exploitable through local attack vectors requiring user interaction to open a subtitle file. A public proof-of-concept is available, though the low EPSS score of 0.03% (7th percentile) suggests limited real-world exploitation likelihood despite the availability of exploit code.

Denial Of Service Gstreamer Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8578 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-24000 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-41532 HIGH This Week

Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41531 HIGH This Week

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41524 HIGH This Week

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41523 HIGH This Week

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41522 HIGH This Week

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41521 HIGH This Week

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-41520 HIGH This Week

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Attendance Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-26513 HIGH This Week

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation San Host Utilities Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-55401 MEDIUM This Month

An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Exonaut
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-40992 MEDIUM This Month

Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7195 MEDIUM PATCH This Month

Operator-SDK before version 0.15.2 scaffolds operator container images with an insecure user_setup script that leaves the /etc/passwd file with group-writable permissions (mode 664) and root group ownership, enabling any non-root container user who is a member of the root group to modify /etc/passwd and add arbitrary users with UID 0, achieving full container root compromise. Developers who used affected versions to build operators may still be deploying vulnerable container images if the insecure script persists in their build pipelines. The vulnerability carries a CVSS score of 6.4 with high complexity and high privilege requirements (CVSS:3.1/AV:L/AC:H/PR:H), but an EPSS score of 0.01% indicates minimal real-world exploitation likelihood; no public exploit code or active exploitation has been confirmed.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8697 LOW POC Monitor

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8701 LOW POC Monitor

A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2023-41529 MEDIUM This Month

Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-41519 MEDIUM This Month

Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Student Attendance Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-8698 LOW POC Monitor

A vulnerability was found in Open5GS up to 2.7.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8582 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8580 MEDIUM PATCH This Month

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8579 MEDIUM PATCH This Month

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8583 MEDIUM PATCH This Month

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8581 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54951 CRITICAL PATCH GHSA This Week

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54950 CRITICAL PATCH GHSA This Week

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54949 CRITICAL PATCH GHSA This Week

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30405 CRITICAL PATCH GHSA This Week

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-30404 CRITICAL PATCH GHSA This Week

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54787 LOW Monitor

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Suitecrm
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-53792 CRITICAL This Week

Azure Portal Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Portal
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53787 HIGH This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure 365 Copilot Chat
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-53774 MEDIUM This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure 365 Copilot Chat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53767 CRITICAL This Week

Azure OpenAI Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Openai
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-45765 CRITICAL This Week

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-48709 MEDIUM Monitor

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control M Server Windows
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-55077 MEDIUM This Month

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Erp Pro 9 Windows
NVD
CVSS 4.0
5.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy