Skip to main content
CVE-2025-10073 LOW POC Monitor

A vulnerability was determined in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10098 LOW POC Monitor

A security flaw has been discovered in PHPGurukul User Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10081 LOW POC Monitor

A flaw has been found in SourceCodester Pet Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-10074 LOW POC Monitor

A vulnerability was identified in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10088 LOW POC Monitor

A vulnerability was detected in SourceCodester Time Tracker 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10075 LOW POC Monitor

A security flaw has been discovered in SourceCodester Online Polling System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10087 LOW POC Monitor

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10099 LOW POC Monitor

A weakness has been identified in Portabilis i-Educar up to 2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-1761 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption IBM Information Disclosure Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-10084 LOW Monitor

A vulnerability was identified in elunez eladmin up to 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10080 LOW Monitor

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-58745 CRITICAL POC Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Code Injection Wegia
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-58453 HIGH POC This Week

WeGIA is a Web manager for charitable institutions. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-58450 CRITICAL PATCH This Week

pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL SQLi Suse
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-58449 HIGH PATCH This Month

Maho is a free and open source ecommerce platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-58444 HIGH PATCH This Month

The MCP inspector is a developer tool for testing and debugging MCP servers. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-58365 HIGH PATCH This Month

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-57817 HIGH PATCH This Month

Fides is an open-source privacy engineering platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Fides
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-57816 MEDIUM PATCH This Month

Fides is an open-source privacy engineering platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fides
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-57815 LOW PATCH Monitor

Fides is an open-source privacy engineering platform. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Fides
NVD GitHub
CVSS 4.0
1.7
EPSS
0.1%
CVE-2025-57766 LOW POC PATCH Monitor

Fides is an open-source privacy engineering platform. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Fides
NVD GitHub
CVSS 4.0
1.7
EPSS
0.0%
CVE-2025-54994 CRITICAL POC PATCH This Week

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Node.js
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-52389 HIGH This Month

An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57285 CRITICAL POC PATCH Act Now

codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Codeceptjs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-56265 HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7709 MEDIUM PATCH This Month

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Integer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-59033 HIGH This Month

The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-57141 CRITICAL POC Act Now

rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ruisibi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-55998 HIGH This Month

A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Search And Filter
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-40930 HIGH This Month

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40929 MEDIUM PATCH This Month

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-40928 HIGH PATCH This Month

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36855 HIGH This Month

A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft
NVD HeroDevs
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36854 HIGH This Month

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption RCE Use After Free Microsoft Denial Of Service
NVD HeroDevs
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-22956 CRITICAL This Week

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-3212 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-40642 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-40641 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-41708 HIGH This Month

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-41682 HIGH This Month

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-41664 HIGH This Month

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g.,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-58422 LOW Monitor

RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy