Skip to main content
CVE-2025-10423 LOW POC Monitor

A vulnerability was found in newbee-mall 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-10441 LOW POC Monitor

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10442 LOW POC Monitor

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10480 LOW POC Monitor

A weakness has been identified in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10428 LOW POC Monitor

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10427 LOW POC Monitor

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10471 LOW POC Monitor

A vulnerability was detected in ZKEACMS 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10422 LOW POC Monitor

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10430 LOW POC Monitor

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10419 LOW POC Monitor

A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10418 LOW POC Monitor

A weakness has been identified in SourceCodester Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10473 LOW POC Monitor

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10483 LOW POC Monitor

A flaw has been found in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10481 LOW POC Monitor

A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10431 LOW POC Monitor

A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10429 LOW POC Monitor

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10421 LOW POC Monitor

A flaw has been found in SourceCodester Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10420 LOW POC Monitor

A vulnerability was detected in SourceCodester Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-43344 LOW Monitor

An out-of-bounds access issue was addressed with improved bounds checking. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43294 LOW Monitor

An issue existed in the handling of environment variables. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43357 LOW Monitor

This issue was addressed with improved redaction of sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43301 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-9084 LOW PATCH Monitor

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-43349 LOW Monitor

An out-of-bounds write issue was addressed with improved input validation. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-10440 LOW Monitor

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10433 LOW Monitor

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10477 LOW Monitor

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10485 LOW Monitor

A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10434 LOW Monitor

A vulnerability was identified in IbuyuCMS up to 2.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-43328 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43283 LOW Monitor

An out-of-bounds read was addressed with improved bounds checking. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43798 LOW PATCH Monitor

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Digital Experience Platform
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-59399 LOW Monitor

libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-59398 LOW Monitor

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-43792 LOW PATCH Monitor

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35,. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-59377 LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-59376 LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod". Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy