Skip to main content
CVE-2025-55409 HIGH POC This Week

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Foxcms
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50383 HIGH POC PATCH This Week

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Easy Appointments
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-57809 HIGH POC PATCH This Week

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xgrammar Red Hat
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-26467 HIGH PATCH This Week

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Cassandra Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-3478 HIGH This Week

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-56216 HIGH This Week

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2023-47799 HIGH This Week

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8627 HIGH This Month

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.1.0. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Kp303 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-57805 HIGH This Month

The Scratch Channel is a news website. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-6188 HIGH This Month

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57802 HIGH This Month

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-6737 HIGH This Month

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-57773 HIGH POC PATCH This Week

DataEase is an open source business intelligence and data visualization tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Code Injection Dataease
NVD GitHub
CVSS 4.0
8.2
EPSS
0.4%
CVE-2025-57772 HIGH POC PATCH This Week

DataEase is an open source business intelligence and data visualization tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Dataease
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-57760 HIGH PATCH This Month

Langflow is a tool for building and deploying AI-powered agents and workflows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Langflow
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-29421 HIGH POC This Month

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Perfreeblog
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29420 HIGH POC This Month

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Perfreeblog
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-53119 HIGH This Month

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29523 HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-5302 HIGH PATCH This Month

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Red Hat
NVD GitHub
CVSS 3.0
8.6
EPSS
0.1%
CVE-2025-53510 HIGH POC This Week

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53085 HIGH POC This Week

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-52930 HIGH POC This Week

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-52456 HIGH POC This Week

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-51281 HIGH POC This Month

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow D-Link Di 8100 Firmware
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-50129 HIGH POC This Week

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-46407 HIGH POC This Week

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-35984 HIGH POC This Week

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-32468 HIGH POC This Week

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Sail
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-54370 HIGH PATCH This Month

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SSRF
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-52461 HIGH POC This Week

An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libbiosig
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-46411 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Libbiosig
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-43960 HIGH POC This Week

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Deserialization Adminer Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2025-29516 HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-5191 HIGH This Month

An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-54301 HIGH This Month

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-54300 HIGH This Month

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 4.0
8.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy