Skip to main content
CVE-2025-12227 LOW POC Monitor

Stored cross-site scripting (XSS) in projectworlds Gate Pass Management System 1.0 allows authenticated users to inject malicious scripts via the /add-pass.php endpoint, which execute in the browsers of other users who view the affected content. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its scope to reflected or stored XSS within an authenticated session. Publicly available exploit code exists, though EPSS exploitation probability remains very low at 0.03%, suggesting limited real-world weaponization despite public disclosure.

PHP XSS Gate Pass Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12287 LOW POC Monitor

SQL injection in Bdtask Wholesale Inventory Control and Inventory Management System up to version 20251013 allows high-privileged remote attackers to manipulate the first_name and last_name parameters in the /Admin_dashboard/edit_profile endpoint, leading to unauthorized database queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

SQLi Wholesale
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12282 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Client Details System 1.0 allows authenticated users with high privileges to inject malicious scripts via the /admin/manage-users.php endpoint, which are then executed in the browsers of other users who interact with the managed user data. The vulnerability requires administrative privileges and user interaction (UI:P) to exploit, resulting in limited integrity impact (VI:L). Public exploit code is available, though the extremely low CVSS score (1.9) and EPSS probability (0.04%) reflect the high privilege barrier and user interaction requirement that significantly constrain real-world risk.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12330 LOW POC Monitor

Stored cross-site scripting (XSS) in Willow CMS up to version 1.4.0 allows authenticated administrative users to inject malicious scripts via the title or body parameters in the Add Post Page (/admin/articles/add), which are then executed in the browsers of other users who view the post. The vulnerability requires high-privilege authentication and user interaction (visiting the affected page) to trigger, resulting in limited integrity impact. Public exploit code is available, though EPSS analysis indicates minimal real-world exploitation probability at 0.03%.

XSS Willow Cms
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12312 LOW POC Monitor

Reflected cross-site scripting in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the Fullname or Category parameters in view-pass-detail.php, exploitable only when a victim with sufficient privileges views a crafted link. The CVSS score of 1.9 reflects severe exploitation constraints: high privilege requirement, user interaction dependency, and limited impact scope, despite a public exploit being available.

PHP XSS Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12311 LOW POC Monitor

Stored or reflected cross-site scripting (XSS) in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the catname parameter in edit-category-detail.php, affecting application integrity with low severity (CVSS 1.9, EPSS 0.03%). Publicly available exploit code exists; however, exploitation requires user interaction and high-level administrative credentials, significantly limiting real-world attack surface.

PHP XSS Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12303 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the adminname or email parameters in admin-profile.php, affecting user interface integrity and enabling credential theft or malware delivery. The vulnerability requires high-privilege access and user interaction (UI:P), resulting in a CVSS score of 1.9 despite network accessibility. Public exploit code exists but exploitation probability is exceptionally low (EPSS 0.03%, 9th percentile), suggesting this is primarily a demonstration or proof-of-concept rather than an active threat.

PHP XSS Curfew E Pass Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12279 LOW POC Monitor

Cross-site scripting (XSS) in code-projects Client Details System 1.0 allows remote attackers with high privileges and user interaction to inject malicious scripts via the /welcome.php file, resulting in limited integrity impact. The vulnerability has been publicly disclosed with exploit code available, though real-world exploitation is constrained by the requirement for high administrative privileges and user interaction, reflected in the exceptionally low CVSS score of 1.9 and EPSS probability of 0.03%.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12231 LOW POC Monitor

Stored cross-site scripting in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the Expense Categories creation page, affecting other users who view the poisoned content. The vulnerability requires administrator-level access and user interaction (rendering the page), limiting real-world impact despite remote network delivery. Publicly available exploit code exists; EPSS exploitation probability is very low at 0.03%, suggesting this is primarily a proof-of-concept risk rather than an actively exploited threat.

XSS Expense Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12230 LOW POC Monitor

Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the Currency Page create function (/public/admin/currencies/create), which are then reflected to other users who interact with that page. The vulnerability requires user interaction and high-level administrative privileges to exploit, resulting in limited real-world risk despite public exploit availability and low EPSS score.

XSS Expense Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12229 LOW POC Monitor

Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the Roles Page create endpoint (/public/admin/roles/create), which are then reflected to other users. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting real-world exploitation despite public POC availability and network accessibility.

XSS Expense Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12228 LOW POC Monitor

Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the /public/admin/users/create endpoint, which are executed in the browsers of other users viewing the affected page. The vulnerability requires administrator privileges and user interaction (clicking a link), significantly limiting exploitation scope despite remote accessibility and publicly available proof-of-concept code.

XSS Expense Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12207 LOW POC Monitor

Null pointer dereference in Kamailio 5.5.0's grammar rule handler (src/core/cfg.y, yyerror_at function) causes denial of service when processing malformed configuration files. Local authenticated attackers can trigger the vulnerability by manipulating config files, resulting in application crash. Publicly available exploit code exists, but exploitation requires local access and config file manipulation, limiting real-world attack surface. EPSS score of 0.03% indicates minimal exploitation probability despite disclosed POC.

Denial Of Service Kamailio
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12206 LOW POC Monitor

Kamailio 5.5.0 suffers a null pointer dereference in the rve_is_constant function (src/core/rvalue.c) triggered by manipulation of local configuration files, resulting in denial of service. The attack requires local access with low privileges and produces only availability impact. Publicly available exploit code exists, but active exploitation has not been confirmed by CISA KEV, and the vulnerability's genuine existence remains disputed by the original reporter. Real-world risk is minimal given the low EPSS score (0.03%), requirement for config file manipulation, and minimal impact surface.

Denial Of Service Kamailio
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12281 LOW POC Monitor

Stored cross-site scripting (XSS) in code-projects Client Details System 1.0 allows authenticated high-privilege users to inject malicious scripts into the /admin/clientview.php endpoint that execute in the context of other users' browsers. The vulnerability requires user interaction (victim must view affected content) and high administrative privileges to exploit, limiting real-world risk despite public exploit disclosure. EPSS score of 0.03% reflects the stringent authentication and interaction requirements that prevent widespread automated exploitation.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12280 LOW POC Monitor

Cross-site scripting (XSS) in code-projects Client Details System 1.0 allows high-privileged authenticated users to inject malicious scripts via the /update-clients.php endpoint, requiring user interaction to execute. The vulnerability carries a low CVSS score of 1.9 due to high privilege requirements (PR:H) and mandatory user interaction (UI:P), but publicly available exploit code exists, making it actionable for insider threats or social engineering scenarios targeting administrators.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-62982 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through <= 2.3.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-62920 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-62899 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive allows Stored XSS.This issue affects Photospace Responsive: from n/a through <= 2.2.0.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-12205 LOW POC Monitor

Use-after-free vulnerability in Kamailio 5.5.0 configuration file parser allows local authenticated attackers to cause denial of service or memory corruption via malformed configuration files. The vulnerability exists in the sr_push_yy_state function within the lexical analyzer (cfg.lex) and has publicly available exploit code, though the vendor has not responded to disclosure and practical exploitability remains uncertain due to the requirement for direct configuration file manipulation.

Buffer Overflow Denial Of Service Kamailio
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-12204 LOW POC Monitor

Heap-based buffer overflow in Kamailio 5.5.0's rve_destroy function allows local authenticated attackers to cause limited data corruption through manipulation of configuration files, with publicly available exploit code but extremely low real-world risk due to local access requirement, authenticated privilege level, and acknowledged uncertainty about vulnerability existence.

Buffer Overflow Kamailio
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-62965 MEDIUM This Month

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-12277 MEDIUM This Month

A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12248 MEDIUM This Month

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-62919 MEDIUM This Month

Unauthenticated remote attackers can bypass authorization controls in TS Demo Importer plugin for WordPress (versions ≤0.1.3), enabling high-impact integrity and availability compromise through misconfigured access control. EPSS scoring at 7th percentile (0.07%) suggests low observed exploitation probability. No CISA KEV listing indicates no confirmed active exploitation at time of analysis, though the authentication bypass tag and critical CVSS 9.1 rating warrant immediate attention for exposed WordPress installations.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-62980 MEDIUM This Month

Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-62918 MEDIUM This Month

Broken access control in IgnitionDeck WordPress plugin (versions ≤2.0.15) enables authenticated users to bypass authorization checks and perform unauthorized actions with elevated privileges. The vulnerability requires low-privilege authentication but has low attack complexity (CVSS 8.8, AV:N/AC:L/PR:L), allowing compromise of confidentiality, integrity, and availability. EPSS probability is low (0.05%, 15th percentile), and no public exploit is identified at time of analysis, suggesting limited active targeting despite the high severity rating.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62916 MEDIUM This Month

Broken access control in WP Flights & Hotels Booking WP Plugin (adiaha-hotel) versions ≤3.1 allows authenticated users with low privileges to bypass authorization checks and gain unauthorized access to high-impact functionality. Attackers can achieve complete compromise of confidentiality, integrity, and availability within the plugin's scope. EPSS score of 0.05% (15th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62966 MEDIUM This Month

Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62925 MEDIUM This Month

Broken access control in Conversios.io WooCommerce analytics plugin (versions ≤7.2.13) allows authenticated low-privilege users to access or modify high-sensitivity data without proper authorization checks. The vulnerability enables privilege escalation where any authenticated user can bypass intended access restrictions to read confidential information or alter plugin settings/data. EPSS score of 0.03% (9th percentile) indicates low predicted exploitation probability; no public exploit identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-61795 MEDIUM PATCH CISA This Month

Denial of service in Apache Tomcat occurs when multipart upload errors leave temporary disk files uncleaned, allowing attackers to exhaust disk space faster than garbage collection reclaims it. Affected versions 8.5.0-8.5.100 (EOL), 9.0.0-M1-9.0.109, 10.1.0-M1-10.1.46, and 11.0.0-M1-11.0.11 require authenticated access (PR:L) and high attack complexity, making real-world exploitation limited despite the medium CVSS score.

Apache Tomcat Information Disclosure Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-62944 MEDIUM This Month

Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-62946 MEDIUM This Month

Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-62892 MEDIUM This Month

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62976 MEDIUM This Month

Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62922 MEDIUM This Month

Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62902 MEDIUM This Month

Sensitive system information disclosure in ThemeHunk WP Popup Builder plugin for WordPress (versions ≤1.3.8) allows unauthenticated remote attackers to retrieve embedded sensitive data without authentication. The vulnerability presents a CVSS 7.5 HIGH severity with confirmed network-based exploitation requiring no user interaction. EPSS score of 0.03% (10th percentile) indicates minimal observed exploitation activity, and no public exploit identified at time of analysis. The flaw stems from improper exposure of sensitive information to unauthorized control spheres (CWE-497).

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62895 MEDIUM This Month

Sensitive data exposure in Atarim Visual Collaboration WordPress plugin (versions through 4.2.1) allows unauthenticated remote attackers to retrieve embedded confidential information via network-accessible endpoints. The vulnerability enables direct extraction of sensitive data with no authentication required and low attack complexity. EPSS score of 0.03% (10th percentile) indicates minimal current exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62977 MEDIUM This Month

Missing authorization controls in the Baidu SEO Collection WordPress plugin versions up to 2.1.4 allow unauthenticated remote attackers to access restricted functionality and retrieve sensitive information without proper permission checks. The vulnerability affects the plugin's core access control mechanisms, enabling unauthorized information disclosure with a CVSS score of 5.3. EPSS exploitation probability is low at 0.03%, and no active exploitation has been confirmed.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62970 MEDIUM This Month

Link Whisper Free WordPress plugin through version 0.9.2 allows unauthenticated remote attackers to read sensitive information via missing authorization checks on API endpoints. The vulnerability enables bypassing access controls to retrieve data that should be restricted, confirmed with CVSS 5.3 and EPSS 0.03% exploitation probability. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62964 MEDIUM This Month

Broken access control in RealMag777 MDTF (WordPress Meta Data Filter and Taxonomy Filter) plugin versions up to 1.3.6 allows low-privileged authenticated users to bypass authorization controls and access or modify sensitive metadata and taxonomy filter configurations. While rated CVSS 8.1 (High), real-world exploitation risk remains moderate with EPSS at 0.03% (9th percentile) and no confirmed active exploitation or public exploit code identified at time of analysis. This authentication bypass vulnerability was disclosed by Patchstack's security audit team.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62884 MEDIUM This Month

Missing authorization in RelyWP Coupon Affiliates plugin (versions up to 7.2.0) allows unauthenticated remote attackers to access restricted functionality and read sensitive data due to inadequate access control list (ACL) enforcement. The vulnerability requires no authentication and has low attack complexity, enabling attackers to bypass WordPress permission checks and retrieve coupon-related information not intended for public access.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62897 MEDIUM This Month

Improper neutralization of HTML script tags in WP Recipe Maker through version 10.0.x enables reflected cross-site scripting (XSS) attacks against users. The vulnerability affects the Brecht WP Recipe Maker WordPress plugin and requires user interaction (clicking a malicious link) to exploit. An attacker can inject arbitrary JavaScript into the page context, achieving code execution in the victim's browser with potential to steal session tokens or perform actions on behalf of authenticated users. The vulnerability has low real-world exploitation probability (EPSS 0.02%) and does not appear to be actively exploited in the wild.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-62947 MEDIUM This Month

Sensitive data exposure in the Publitio WordPress plugin (versions ≤2.2.5) allows unauthenticated remote attackers to retrieve embedded sensitive information through network requests. The vulnerability exposes confidential data with high impact to confidentiality (CVSS C:H), though exploitation probability remains low (EPSS 3rd percentile). No public exploit identified at time of analysis, and exploitation requires no privileges or user interaction (PR:N/UI:N), making it trivially exploitable if targeted.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-62988 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-62981 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.8.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-62928 MEDIUM This Month

Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-62915 MEDIUM This Month

Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-62906 MEDIUM This Month

Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-62954 MEDIUM This Month

Broken access control in Revive Old Posts (tweet-old-post) WordPress plugin through version 9.3.3 allows authenticated attackers with low-level privileges to escalate permissions and execute high-impact operations including data exfiltration, modification, and service disruption. EPSS score of 0.05% (15th percentile) indicates low probability of mass exploitation, though the 8.8 CVSS score reflects significant potential damage once low-privilege access is obtained. No public exploit identified at time of analysis, and no CISA KEV listing exists.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy