Skip to main content
CVE-2025-10612 MEDIUM This Month

Reflected XSS in City Guide (giSoft Information Technologies) before version 1.4.45 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in a victim's browser by tricking them into clicking a crafted URL. The CVSS Changed Scope (S:C) indicates the injected script can affect resources outside the vulnerable application's security domain - such as the user's broader browser session - enabling session theft, credential harvesting, or UI redirection. No public exploit identified at time of analysis, and an EPSS score of 0.03% at the 7th percentile reflects very low observed exploitation probability.

XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53057 MEDIUM PATCH CISA This Month

Improper access control in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated remote attackers to create, delete, or modify critical data when APIs in the Security component are exposed via web services or similar mechanisms. The vulnerability affects Java 8u461 through 25 and carries a CVSS 5.9 with high integrity impact, though exploitation is difficult (AC:H) and no public exploit or active KEV status has been confirmed.

Authentication Bypass Oracle Java Graalvm Graalvm For Jdk +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-60511 MEDIUM This Month

Insecure Direct Object Reference in the Moodle OpenAI Chat Block plugin 3.0.1 allows any authenticated student to hijack administrator-configured AI block sessions by supplying an arbitrary blockId to the completion API endpoint. An attacker leveraging this flaw can read admin-only 'Source of Truth' prompt configurations, steer AI responses using privileged system instructions, and consume API quota tied to another user's block. A public proof-of-concept writeup and associated GitHub repository exist, though no confirmed active exploitation (CISA KEV) has been recorded; EPSS sits at 0.23% (14th percentile), indicating low but non-zero real-world exploitation interest.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy