Skip to main content
CVE-2025-56694 MEDIUM POC This Month

Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fotoshare Cloud
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-43882 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43730 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-43729 HIGH This Month

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43728 CRITICAL This Week

Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Thinos
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-9526 HIGH POC This Month

A vulnerability has been found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-9525 HIGH POC This Month

A flaw has been found in Linksys E1700 1.0.0.4.003. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys E1700 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9523 HIGH POC This Week

A vulnerability was detected in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.6%
CVE-2025-30064 HIGH This Month

An insufficiently secured internal function allows session generation for arbitrary users. Rated high severity (CVSS 8.8). No vendor patch available.

RCE Jwt Attack
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-30063 CRITICAL This Week

The configuration file containing database logins and passwords is readable by any local user. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-30061 MEDIUM This Month

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30060 MEDIUM This Month

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30059 MEDIUM This Month

In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30058 MEDIUM This Month

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30057 CRITICAL This Week

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. Rated critical severity (CVSS 9.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-30056 CRITICAL This Week

The RunCommand function accepts any parameter, which is then passed for execution in the shell. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-30055 CRITICAL This Week

The "system" function receives untrusted input from the user. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-30048 MEDIUM This Month

The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-30041 CRITICAL This Week

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-30040 CRITICAL This Week

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.1%
CVE-2025-30039 CRITICAL This Week

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.0
EPSS
0.0%
CVE-2025-30038 HIGH This Month

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-30037 HIGH This Month

The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-30036 HIGH This Month

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation XSS
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-2313 CRITICAL This Week

In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-9514 MEDIUM This Month

A vulnerability has been found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Mall
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-9513 MEDIUM This Month

A flaw has been found in editso fuso up to 1.0.4-beta.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-57846 HIGH This Month

Multiple i-フィルター products contain an issue with incorrect default permissions. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57797 HIGH This Month

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-7732 MEDIUM This Month

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8490 MEDIUM Monitor

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy