Skip to main content
CVE-2025-9754 LOW POC Monitor

A flaw has been found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-9753 LOW POC Monitor

A vulnerability was detected in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-58318 MEDIUM This Month

Delta Electronics DIAView has an authentication bypass vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-33099 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-33084 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-33102 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36133 MEDIUM This Month

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure App Connect Enterprise Certified Containers Operands App Connect Operator
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-33083 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-33082 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-9799 LOW POC Monitor

A security flaw has been discovered in Langfuse up to 3.88.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-9769 LOW POC Monitor

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
0.9
EPSS
0.1%
CVE-2024-12914 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).05.05 before v1.05.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9797 LOW Monitor

A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-9778 LOW Monitor

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Rated low severity (CVSS 1.8). No vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
0.9
EPSS
0.0%
CVE-2025-9809 HIGH This Month

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Libretro Common
NVD GitHub
CVSS 4.0
8.4
EPSS
0.5%
CVE-2025-3586 HIGH PATCH This Month

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass RCE Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
7.5
EPSS
0.3%
CVE-2025-57799 HIGH This Month

StreamVault is a multi-platform video parsing and downloading tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-55007 LOW PATCH Monitor

Knowage is an open source analytics and business intelligence suite. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Knowage
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-9783 HIGH POC This Month

A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-0656 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-9782 HIGH POC This Month

A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9780 HIGH POC This Month

A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9779 HIGH POC This Month

A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9774 LOW Monitor

A vulnerability has been found in RemoteClinic up to 2.0.php. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Remote Clinic
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6507 CRITICAL This Week

A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files.47.0.99999. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2025-54857 CRITICAL This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-20708 HIGH This Month

In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Nr15 Nr16 +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20707 MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20705 HIGH This Month

In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20704 HIGH This Month

In Modem, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Nr17 Nr17r
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-20703 MEDIUM This Month

In Modem, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Nr15 Nr16 +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9569 MEDIUM This Month

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd Ctms
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-9568 MEDIUM This Month

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd Ctms
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-9567 MEDIUM This Month

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd Ctms
NVD
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy