Skip to main content
CVE-2025-8085 HIGH POC THREAT Act Now

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

WordPress SSRF Ditty PHP
NVD WPScan
CVSS 3.1
8.6
EPSS
18.1%
CVE-2025-58454 HIGH POC This Week

WeGIA is a Web manager for charitable institutions. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-53838 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-55849 HIGH POC This Week

WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Weiphp
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-52288 HIGH POC PATCH This Week

Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-9112 HIGH This Week

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-58451 HIGH PATCH This Week

Cattown is a JavaScript markdown parser. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-36853 HIGH This Week

A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-50238 HIGH This Week

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-56630 HIGH This Week

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Foxcms
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58453 HIGH POC This Week

WeGIA is a Web manager for charitable institutions. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-58449 HIGH PATCH This Month

Maho is a free and open source ecommerce platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-58444 HIGH PATCH This Month

The MCP inspector is a developer tool for testing and debugging MCP servers. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-58365 HIGH PATCH This Month

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-57817 HIGH PATCH This Month

Fides is an open-source privacy engineering platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Fides
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-52389 HIGH This Month

An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56265 HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59033 HIGH This Month

The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-55998 HIGH This Month

A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Search And Filter
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-40930 HIGH This Month

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40928 HIGH PATCH This Month

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36855 HIGH This Month

A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft
NVD HeroDevs
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36854 HIGH This Month

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption RCE Use After Free Microsoft Denial Of Service
NVD HeroDevs
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-41708 HIGH This Month

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-41682 HIGH This Month

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-41664 HIGH This Month

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g.,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy