Skip to main content
CVE-2025-3193 HIGH POC PATCH This Week

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Code Injection Algoliasearch Helper Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-7647 HIGH PATCH This Week

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-8014 HIGH This Month

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9816 HIGH This Month

The WP Statistics - The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-59945 HIGH PATCH This Month

SysReptor is a fully customizable pentest reporting platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sysreptor
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-59939 HIGH POC This Week

WeGIA is a Web manager for charitable institutions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-59932 HIGH This Month

Flag Forge is a Capture The Flag (CTF) platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Flagforge
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy