Skip to main content
CVE-2025-56218 CRITICAL Act Now

Arbitrary code execution in Ascertia SigningHub v8.6.8 stems from an unrestricted file upload weakness that lets an attacker upload a crafted PDF which is processed or stored in a way that yields server-side code execution. SigningHub is an enterprise/e-government digital signature and document workflow platform, so a compromise exposes signing keys, signed documents, and the workflow backend. Publicly available exploit code exists (GitHub PoC referenced), but there is no public exploit identified as actively used; EPSS is modest at 0.67% (47th percentile) and it is not in CISA KEV.

RCE File Upload Signinghub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-57567 CRITICAL Act Now

Authenticated remote code execution in the PluXml flat-file CMS lets an administrator abuse the built-in theme editor to overwrite /themes/defaut/css/minify.php with arbitrary PHP, turning legitimate admin file-editing into full server command execution. The flaw (CWE-94 code injection) requires high privileges (admin) but no user interaction, and its CVSS 3.1 score of 9.1 reflects a scope change from the web application to the underlying OS. No public exploit code is confirmed beyond a vulnerability-disclosure PDF, and EPSS is low (0.90%), consistent with an admin-only prerequisite.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2025-48044 HIGH GHSA This Week

Authentication bypass in Ash Framework (Elixir) versions 3.6.3 through 3.7.0 allows low-privileged authenticated attackers to bypass authorization policies and gain unauthorized access to high-confidentiality and high-integrity resources. The flaw resides in the policy expression evaluation logic (lib/ash/policy/policy.ex), enabling attackers to circumvent intended access controls. Publicly available exploit code exists (GitHub commit 8b83efa225f657bfc3656ad8ee8485f9b2de923d references the fix), and with CVSS 8.6 (CVSS 4.0) featuring low attack complexity and network attack vector, this presents significant risk to Elixir applications using vulnerable Ash versions. EPSS data not provided; no CISA KEV status confirmed at time of analysis.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-34282 MEDIUM POC This Month

SVG-based server-side request forgery in ThingsBoard versions prior to 4.2.1 allows upload of crafted SVG files containing external URL references to the dashboard Image Upload Gallery, causing the platform to initiate unintended outbound HTTP requests toward internal network resources. All ThingsBoard deployments (community, professional edition) running versions before 4.2.1 are affected via this gallery feature. No public exploit code or CISA KEV listing exists at time of analysis; however, the upstream fix in PR #13927 - which adds a Content-Security-Policy response header rather than sanitizing SVG content at upload - indicates the primary exploitation path may be browser-mediated rather than purely server-side, warranting scrutiny of the PR:N (no privileges required) CVSS assignment.

SSRF Thingsboard
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
1.7%
CVE-2025-48087 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through <= 1.4.1.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11913 LOW POC Monitor

Path traversal in Streamax Crocus 1.3.40 Download function allows authenticated remote attackers to read arbitrary files via manipulation of the Path parameter in /Service.do?Action=Download requests. The vulnerability has a low CVSS score (2.1) due to requirement for authenticated access and confidentiality-only impact, but publicly available exploit code exists and the vendor has not responded to disclosure efforts.

Path Traversal Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11914 LOW POC Monitor

Path traversal in Streamax Crocus 1.3.40 allows authenticated remote attackers to read arbitrary files via manipulation of the FilePath parameter in the /DeviceFileReport.do?Action=Download endpoint. The vulnerability has publicly available exploit code and affects the file download functionality with low confidentiality impact. Despite a CVSS score of 2.1, the vendor has not responded to disclosure and the exploit is publicly weaponized.

Path Traversal Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11908 LOW POC Monitor

Streamax Crocus 1.3.40 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in the /FileDir.do?Action=Upload endpoint, enabling unrestricted file upload with limited direct impact. Publicly available exploit code exists and the vendor has not responded to disclosure attempts. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-response elevates operational risk, particularly if the upload mechanism can be chained with other vulnerabilities to achieve code execution.

Authentication Bypass File Upload Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11905 LOW POC Monitor

Code injection in ChanCMS up to version 3.3.2 via the getArticle function in app/modules/cms/controller/gather.js allows authenticated remote attackers to inject and execute arbitrary code with low impact on confidentiality, integrity, and availability. The exploit is publicly available on GitHub but exploitation probability remains low (EPSS 0.04%) due to authentication requirements and limited impact scope. The vendor did not respond to early disclosure notification.

Code Injection Chancms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11912 LOW POC Monitor

SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /DeviceState.do?Action=Query endpoint, potentially extracting or modifying database contents. The vulnerability requires valid credentials but carries minimal confidentiality and integrity impact per CVSS scoring. Public exploit code is available, though EPSS exploitation probability remains low at 0.03%, suggesting either limited technical feasibility, narrow applicability, or defensive measures in typical deployments.

SQLi Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11911 LOW POC Monitor

SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the sortField parameter in the /DeviceFault.do?Action=Query endpoint. While the CVSS score is low (2.1) due to limited scope and confidentiality impact, publicly available exploit code exists and the vulnerability requires only low-privilege authentication. The vendor has not responded to early disclosure attempts, leaving no patch path available.

SQLi Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11910 LOW POC Monitor

SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the orderField parameter in the /MemoryState.do?Action=Query endpoint, potentially exposing or modifying database contents. Publicly available exploit code exists, but the CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact with no scope change. The vendor did not respond to early disclosure.

SQLi Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11909 LOW POC Monitor

SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /RepairRecord.do?Action=QueryLast endpoint, enabling database query manipulation with limited confidentiality and integrity impact. Publicly available exploit code exists and the vendor has not responded to early disclosure notification. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-responsiveness increases real-world risk, though exploitation requires valid user credentials and produces only low-severity data exposure.

SQLi Streamax Crocus
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11903 LOW POC Monitor

SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/update endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication and has publicly available exploit code, but carries low real-world risk due to the CVSS 2.1 score and minimal EPSS probability (0.02%). The vendor has not responded to early disclosure notifications.

SQLi Chancms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11902 LOW POC Monitor

SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/findField endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication (PR:L in CVSS 4.0) and publicly available exploit code exists, but real-world exploitation risk remains low due to minimal data confidentiality/integrity impact (VC:L/VI:L) and only 0.02% EPSS exploitation probability, suggesting this is a low-priority SQL injection compared to unauthenticated or higher-impact variants.

SQLi Chancms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11904 LOW POC Monitor

SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in the /cms/model/hasUse function. The vulnerability has low immediate impact (CVSS 2.1) but carries elevated real-world risk due to publicly available exploit code, authenticated but network-accessible attack vector, and vendor non-responsiveness to disclosure. Exploitation requires valid user credentials but no user interaction or special conditions.

SQLi Chancms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-62652 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.

XSS
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-11849 MEDIUM PATCH This Month

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link (r:link attribute instead of embedded r:embed). The library resolves the URI to a file path and after reading, the content is encoded as base64 and included in the HTML output as a data URI. An attacker can read arbitrary files on the system where the conversion is performed or cause an excessive resources consumption by crafting a docx file that links to special device files such as /dev/random or /dev/zero.

Path Traversal
NVD GitHub
CVSS 4.0
5.4
EPSS
0.2%
CVE-2025-56320 MEDIUM This Month

Stored Cross-Site Scripting in CobbleStone Enterprise Contract Management Portal v22.4.0 allows a low-privileged, authenticated remote attacker to inject persistent malicious scripts into the application's chat box component. When a victim user views the chat, the injected script executes in their browser session, enabling session hijacking, credential theft, or in-application action forgery scoped to the vulnerable system. Notably, the vendor has disclosed that v22.4.0 is an obsolete, unsupported version no longer in active distribution, which substantially narrows the real-world attack surface. No public exploit identified at time of analysis, though a researcher writeup on Medium constitutes partial technical disclosure.

XSS RCE
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-11895 MEDIUM This Month

Authenticated subscribers in the Binary MLM Plan WordPress plugin up to version 5.0 can access other users' payout summaries through insecure direct object reference (IDOR) in the /bmp-account-detail/ endpoint. The vulnerability stems from the bmp_user_payout_detail_of_current_user() function failing to verify payout record ownership before returning data, allowing any authenticated user with the bmp_user role to enumerate and view arbitrary payout details by manipulating the payout-id parameter. This is a low-severity information disclosure affecting MLM WordPress sites; no public exploit code or active exploitation has been confirmed.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy