Skip to main content
CVE-2025-8752 MEDIUM POC This Month

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-8773 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-54997 CRITICAL PATCH Act Now

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-8758 MEDIUM This Month

A vulnerability was found in TRENDnet TEW-822DRE FW103B02. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-8757 MEDIUM This Month

A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.4
EPSS
0.0%
CVE-2025-8756 LOW POC Monitor

A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8775 LOW POC Monitor

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8753 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8764 LOW POC Monitor

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8772 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06.php?language=en&nv=upload of the component Module Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8784 LOW POC Monitor

A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8746 LOW POC PATCH Monitor

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8750 LOW POC Monitor

A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8745 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android.xml of the component com.ricepo.app. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-8744 MEDIUM This Month

A vulnerability classified as critical was found in CesiumLab Web up to 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2022-50233 MEDIUM PATCH This Month

{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54998 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-8751 LOW POC Monitor

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google XSS Chrome
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-4655 MEDIUM PATCH This Month

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-8759 LOW Monitor

A vulnerability was found in TRENDnet TN-200 1.02b02. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-8765 LOW Monitor

A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-8774 LOW Monitor

A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Rated low severity (CVSS 2.0). No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-8763 MEDIUM This Month

A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2024-58238 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8755 MEDIUM POC This Month

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic.java of the component com.macro.mall.portal.controller. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Mall
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7726 MEDIUM This Month

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7020 MEDIUM This Month

An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-4581 MEDIUM PATCH This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55149 MEDIUM This Month

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research-from ideation to implementation, writing, and review. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-55013 MEDIUM PATCH Monitor

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-55009 HIGH PATCH This Month

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-55008 HIGH PATCH This Month

The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-55006 MEDIUM Monitor

Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Learning
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-55003 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-55001 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55000 MEDIUM PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54999 LOW PATCH Monitor

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openbao
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-55152 MEDIUM This Month

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54996 HIGH PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-54888 HIGH PATCH This Month

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-54417 MEDIUM PATCH This Month

Craft is a platform for creating digital experiences. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Craft Cms
NVD GitHub
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-6573 CRITICAL This Week

Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-46709 HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy