Skip to main content
CVE-2025-10566 LOW POC Monitor

A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-59270 LOW PATCH Monitor

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Pspas
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-59161 LOW Monitor

Element Web is a Matrix web client built using the Matrix React SDK. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.7
EPSS
0.2%
CVE-2025-59160 LOW PATCH Monitor

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-58749 LOW POC PATCH Monitor

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Webassembly Micro Runtime
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-30075 LOW Monitor

In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL. Rated low severity (CVSS 2.2). No vendor patch available.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
2.2
EPSS
0.0%
CVE-2025-26710 LOW Monitor

There is an an information disclosure vulnerability in ZTE T5400. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-10316 LOW PATCH Monitor

The extension "Form to Database" is susceptible to Cross-Site Scripting.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-59453 LOW Monitor

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-59437 LOW Monitor

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-59436 LOW Monitor

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy