Skip to main content
CVE-2025-9657 LOW POC Monitor

A vulnerability was detected in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9646 LOW POC Monitor

A security flaw has been discovered in O2OA up to 10.0-410. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9653 LOW POC Monitor

A vulnerability was identified in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9652 LOW POC Monitor

A vulnerability was determined in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9649 LOW POC PATCH Monitor

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9677 LOW POC Monitor

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9676 LOW POC Monitor

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9675 LOW POC Monitor

A vulnerability was determined in Voice Changer App up to 1.1.0.xml of the component com.tuyangkeji.changevoice. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9674 LOW POC Monitor

A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9670 MEDIUM This Month

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-43284 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30271 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-40709 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openatlas
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-54142 MEDIUM This Month

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43255 LOW Monitor

An out-of-bounds read was addressed with improved bounds checking. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-58160 LOW PATCH Monitor

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-9650 LOW Monitor

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-9651 LOW Monitor

A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9673 LOW Monitor

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9672 LOW Monitor

A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9671 LOW Monitor

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-58159 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Wegia
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-58156 LOW PATCH Monitor

Centurion ERP is an ERP with a focus on ITSM and automation. Rated low severity (CVSS 1.9), this vulnerability is low attack complexity.

Authentication Bypass Centurion Erp
NVD GitHub
CVSS 3.1
1.9
EPSS
0.0%
CVE-2025-58068 MEDIUM PATCH This Month

Eventlet is a concurrent networking library for Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Request Smuggling Python Eventlet Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-57752 MEDIUM PATCH This Month

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-55173 MEDIUM PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Next.js Vercel
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-58067 MEDIUM PATCH Monitor

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Open Redirect
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-58066 MEDIUM PATCH This Month

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-56577 HIGH This Month

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evope Core
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-43773 MEDIUM PATCH Monitor

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-58158 HIGH PATCH This Month

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52861 HIGH This Month

A path traversal vulnerability has been reported to affect VioStor. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.0
EPSS
0.4%
CVE-2025-44033 CRITICAL POC Act Now

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE SQLi Oa System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-44015 LOW Monitor

A command injection vulnerability has been reported to affect HybridDesk Station. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Hybriddesk Station
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-33038 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33037 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33036 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33033 HIGH This Month

A path traversal vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-33032 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30278 HIGH This Month

An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qsync Central
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-30277 HIGH This Month

An improper certificate validation vulnerability has been reported to affect Qsync Central. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qsync Central
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-30275 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Qsync Central
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30274 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30273 HIGH This Month

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30272 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-30270 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-30268 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30267 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Denial Of Service Null Pointer Dereference Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-30265 LOW Monitor

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Buffer Overflow Qts Quts Hero
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-30264 HIGH This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
7.7
EPSS
0.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy