16 CVEs tracked today. 0 Critical, 1 High, 4 Medium, 11 Low.
-
CVE-2025-48044
HIGH
CVSS 8.6
Authentication bypass in Ash Framework (Elixir) versions 3.6.3 through 3.7.0 allows low-privileged authenticated attackers to bypass authorization policies and gain unauthorized access to high-confidentiality and high-integrity resources. The flaw resides in the policy expression evaluation logic (lib/ash/policy/policy.ex), enabling attackers to circumvent intended access controls. Publicly available exploit code exists (GitHub commit 8b83efa225f657bfc3656ad8ee8485f9b2de923d references the fix), and with CVSS 8.6 (CVSS 4.0) featuring low attack complexity and network attack vector, this presents significant risk to Elixir applications using vulnerable Ash versions. EPSS data not provided; no CISA KEV status confirmed at time of analysis.
Authentication Bypass
-
CVE-2025-62652
MEDIUM
CVSS 5.9
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS. This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.
XSS
-
CVE-2025-48087
MEDIUM
CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS. This issue affects Memberlite Shortcodes: from n/a through <= 1.4.1.
XSS
-
CVE-2025-11895
MEDIUM
CVSS 4.3
Authenticated subscribers in the Binary MLM Plan WordPress plugin up to version 5.0 can access other users' payout summaries through insecure direct object reference (IDOR) in the /bmp-account-detail/ endpoint. The vulnerability stems from the bmp_user_payout_detail_of_current_user() function failing to verify payout record ownership before returning data, allowing any authenticated user with the bmp_user role to enumerate and view arbitrary payout details by manipulating the payout-id parameter. This is a low-severity information disclosure affecting MLM WordPress sites; no public exploit code or active exploitation has been confirmed.
WordPress
Authentication Bypass
-
CVE-2025-11849
MEDIUM
CVSS 5.4
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of path...
Path Traversal
-
CVE-2025-11914
LOW
CVSS 2.1
Path traversal in Streamax Crocus 1.3.40 allows authenticated remote attackers to read arbitrary files via manipulation of the FilePath parameter in the /DeviceFileReport.do?Action=Download endpoint. The vulnerability has publicly available exploit code and affects the file download functionality with low confidentiality impact. Despite a CVSS score of 2.1, the vendor has not responded to disclosure and the exploit is publicly weaponized.
Path Traversal
Streamax Crocus
-
CVE-2025-11913
LOW
CVSS 2.1
Path traversal in Streamax Crocus 1.3.40 Download function allows authenticated remote attackers to read arbitrary files via manipulation of the Path parameter in /Service.do?Action=Download requests. The vulnerability has a low CVSS score (2.1) due to requirement for authenticated access and confidentiality-only impact, but publicly available exploit code exists and the vendor has not responded to disclosure efforts.
Path Traversal
Streamax Crocus
-
CVE-2025-11912
LOW
CVSS 2.1
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /DeviceState.do?Action=Query endpoint, potentially extracting or modifying database contents. The vulnerability requires valid credentials but carries minimal confidentiality and integrity impact per CVSS scoring. Public exploit code is available, though EPSS exploitation probability remains low at 0.03%, suggesting either limited technical feasibility, narrow applicability, or defensive measures in typical deployments.
SQLi
Streamax Crocus
-
CVE-2025-11911
LOW
CVSS 2.1
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the sortField parameter in the /DeviceFault.do?Action=Query endpoint. While the CVSS score is low (2.1) due to limited scope and confidentiality impact, publicly available exploit code exists and the vulnerability requires only low-privilege authentication. The vendor has not responded to early disclosure attempts, leaving no patch path available.
SQLi
Streamax Crocus
-
CVE-2025-11910
LOW
CVSS 2.1
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the orderField parameter in the /MemoryState.do?Action=Query endpoint, potentially exposing or modifying database contents. Publicly available exploit code exists, but the CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact with no scope change. The vendor did not respond to early disclosure.
SQLi
Streamax Crocus
-
CVE-2025-11909
LOW
CVSS 2.1
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /RepairRecord.do?Action=QueryLast endpoint, enabling database query manipulation with limited confidentiality and integrity impact. Publicly available exploit code exists and the vendor has not responded to early disclosure notification. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-responsiveness increases real-world risk, though exploitation requires valid user credentials and produces only low-severity data exposure.
SQLi
Streamax Crocus
-
CVE-2025-11908
LOW
CVSS 2.1
Streamax Crocus 1.3.40 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in the /FileDir.do?Action=Upload endpoint, enabling unrestricted file upload with limited direct impact. Publicly available exploit code exists and the vendor has not responded to disclosure attempts. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-response elevates operational risk, particularly if the upload mechanism can be chained with other vulnerabilities to achieve code execution.
Authentication Bypass
File Upload
Streamax Crocus
-
CVE-2025-11905
LOW
CVSS 2.1
Code injection in ChanCMS up to version 3.3.2 via the getArticle function in app/modules/cms/controller/gather.js allows authenticated remote attackers to inject and execute arbitrary code with low impact on confidentiality, integrity, and availability. The exploit is publicly available on GitHub but exploitation probability remains low (EPSS 0.04%) due to authentication requirements and limited impact scope. The vendor did not respond to early disclosure notification.
Code Injection
Chancms
-
CVE-2025-11904
LOW
CVSS 2.1
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in the /cms/model/hasUse function. The vulnerability has low immediate impact (CVSS 2.1) but carries elevated real-world risk due to publicly available exploit code, authenticated but network-accessible attack vector, and vendor non-responsiveness to disclosure. Exploitation requires valid user credentials but no user interaction or special conditions.
SQLi
Chancms
-
CVE-2025-11903
LOW
CVSS 2.1
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/update endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication and has publicly available exploit code, but carries low real-world risk due to the CVSS 2.1 score and minimal EPSS probability (0.02%). The vendor has not responded to early disclosure notifications.
SQLi
Chancms
-
CVE-2025-11902
LOW
CVSS 2.1
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/findField endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication (PR:L in CVSS 4.0) and publicly available exploit code exists, but real-world exploitation risk remains low due to minimal data confidentiality/integrity impact (VC:L/VI:L) and only 0.02% EPSS exploitation probability, suggesting this is a low-priority SQL injection compared to unauthenticated or higher-impact variants.
SQLi
Chancms