Skip to main content
CVE-2025-56556 LOW POC Monitor

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-6088 LOW POC PATCH Monitor

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-10236 LOW POC Monitor

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10272 LOW POC Monitor

A vulnerability was determined in erjinzhi 10OA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10271 LOW POC Monitor

A vulnerability was found in erjinzhi 10OA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10251 LOW POC Monitor

A vulnerability was detected in FoxCMS up to 1.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10253 LOW POC Monitor

A vulnerability has been found in openDCIM 23.04. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10235 LOW POC Monitor

A flaw has been found in Scada-LTS up to 2.7.8.1.shtm of the component Reports Module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10234 LOW POC Monitor

A vulnerability was detected in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10247 LOW Monitor

A security vulnerability has been detected in JEPaaS 7.2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10255 LOW Monitor

A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10254 LOW Monitor

A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0.aspx of the component SVG Image Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10246 LOW Monitor

A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10245 LOW Monitor

A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-10252 LOW Monitor

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Deserialization Java
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-10250 LOW Monitor

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-59047 LOW PATCH Monitor

matrix-sdk-base is the base component to build a Matrix client library. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-9910 LOW PATCH Monitor

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 4.0
1.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy