Skip to main content
CVE-2025-51543 CRITICAL POC Act Now

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55303 MEDIUM POC PATCH This Month

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Astro
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-50567 CRITICAL Act Now

Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-6758 CRITICAL Act Now

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-9179 CRITICAL PATCH Act Now

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55031 CRITICAL Act Now

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-54143 CRITICAL Act Now

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8042 CRITICAL PATCH Act Now

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9187 CRITICAL PATCH Act Now

Memory safety bugs present in Firefox 141 and Thunderbird 141. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9155 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9154 MEDIUM POC This Month

A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9156 MEDIUM POC This Month

A vulnerability was found in itsourcecode Sports Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-51529 MEDIUM POC This Month

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Cookies And Content Security Policy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54145 CRITICAL Act Now

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect Mozilla
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-8218 HIGH This Week

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-9185 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9184 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9180 HIGH PATCH This Week

Same-origin policy bypass in the Graphics: Canvas2D component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-38585 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Intel Linux Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38555 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38584 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55029 HIGH This Week

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9182 HIGH PATCH This Week

Denial-of-service due to out-of-memory in the Graphics: WebRender component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-38614 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55028 MEDIUM This Month

Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9181 MEDIUM PATCH This Month

Uninitialized memory in the JavaScript Engine component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9183 MEDIUM PATCH This Month

Spoofing issue in the Address Bar component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9186 MEDIUM PATCH This Month

Spoofing issue in the Address Bar component of Firefox Focus for Android. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9149 LOW POC Monitor

A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-9140 LOW POC Monitor

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB Exploit-DB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9153 LOW POC Monitor

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9151 LOW POC Monitor

A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-55032 MEDIUM This Month

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55030 MEDIUM This Month

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Mozilla
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-9139 LOW POC Monitor

A vulnerability was determined in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-55033 MEDIUM This Month

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-5417 MEDIUM PATCH This Month

An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-9137 LOW POC Monitor

A vulnerability has been found in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9171 LOW POC Monitor

A security flaw has been discovered in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9170 LOW POC Monitor

A vulnerability was identified in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9169 LOW POC Monitor

A vulnerability was determined in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9168 LOW POC Monitor

A vulnerability was found in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9167 LOW POC Monitor

A vulnerability has been found in SolidInvoice up to 2.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9145 LOW POC Monitor

A security vulnerability has been detected in Scada-LTS 2.7.8.1.shtm of the component SVG File Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9144 LOW POC Monitor

A weakness has been identified in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9143 LOW POC Monitor

A security flaw has been discovered in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9138 LOW POC Monitor

A vulnerability was found in Scada-LTS 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9147 LOW POC Monitor

A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9134 LOW POC Monitor

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9135 LOW POC Monitor

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy