Skip to main content
CVE-2025-57052 CRITICAL POC PATCH Act Now

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cjson Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55747 CRITICAL POC PATCH GHSA Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
2.0%
CVE-2025-55748 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-57148 CRITICAL POC Act Now

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-58176 HIGH POC PATCH This Week

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Dive
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-57151 HIGH POC This Week

phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-26210 HIGH POC This Week

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Deepseek R1 Deepseek V2 Deepseek V3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57146 HIGH POC This Week

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2014-125127 HIGH POC PATCH This Week

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Flight
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53694 HIGH POC This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).2 through 10.4; Experience Platform (XP): from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Experience Commerce Experience Manager Experience Platform Managed Cloud
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57147 HIGH POC This Week

A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-57150 HIGH POC This Week

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-57833 HIGH POC PATCH GHSA This Week

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python SQLi Django Red Hat Suse
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-57149 MEDIUM POC This Month

phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55944 MEDIUM POC This Month

Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slink
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-32444 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-1740 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.03.01 before v2.05.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-56498 MEDIUM POC This Month

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pgn6401V Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2025-9848 MEDIUM POC This Month

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9928 MEDIUM POC This Month

A security flaw has been discovered in projectworlds Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9926 MEDIUM POC This Month

A vulnerability was determined in projectworlds Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9927 MEDIUM POC This Month

A vulnerability was identified in projectworlds Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9925 MEDIUM POC This Month

A vulnerability was found in projectworlds Travel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9924 MEDIUM POC This Month

A vulnerability has been found in projectworlds Travel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9919 MEDIUM POC This Month

A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-56761 MEDIUM POC PATCH This Month

Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Memos Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-2416 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.02.14 before v1.02.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-2415 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.03.01 before v2.05.01. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-47421 HIGH This Week

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.001.0031.001 through 3.001.0034.001. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2023-21480 HIGH This Week

Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-9365 HIGH This Week

Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2025-36193 HIGH This Week

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Transformation Advisor
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-56760 MEDIUM POC PATCH This Month

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Memos Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-21476 HIGH This Week

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2023-21475 HIGH This Week

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2023-21477 HIGH This Week

Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-58604 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection.18.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-58637 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion.11.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-58608 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion.5.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54588 HIGH PATCH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Envoy Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-3666 LOW POC Monitor

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Sticky Side Buttons
NVD WPScan
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-13068 HIGH This Week

Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.02.14 before v1.02.17. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58644 HIGH This Week

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection.2.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58643 HIGH This Week

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - Daylight Edition allows Object Injection.2.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58642 HIGH This Week

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - Day & Ross Edition allows Object Injection.1.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-21473 MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21472 MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-13063 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing.02.02 before v2.05.01. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-58598 MEDIUM This Month

Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data.9.8. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-9260 MEDIUM This Month

The Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Deserialization RCE
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy