Skip to main content
CVE-2025-24975 HIGH POC PATCH This Week

Firebird is a relational database. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Firebird Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-49897 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8675 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.0.0 before 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ai Seo Link Advisor Drupal
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-5047 HIGH This Week

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Advance Steel Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5046 HIGH This Week

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Advance Steel Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-8361 HIGH PATCH This Week

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.0.0 before 2.18.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Config Pages Drupal
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-8092 HIGH PATCH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).0.0 before 1.2.16. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cookies Consent Management Drupal
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-49898 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.0.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-7641 HIGH This Week

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-7650 HIGH This Week

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1929 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-8959 HIGH PATCH This Month

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Go Getter Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43490 HIGH This Month

A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-5048 HIGH This Month

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Advance Steel Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54475 HIGH This Month

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Joomla
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-54474 HIGH This Month

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-9046 HIGH POC This Month

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9023 HIGH POC This Month

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac18 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9007 HIGH POC This Month

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9006 HIGH POC This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8342 HIGH This Month

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-6025 HIGH This Month

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy