Skip to main content
CVE-2023-49440 HIGH POC This Week

AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-55752 HIGH POC PATCH CISA This Week

Path traversal in Apache Tomcat versions 9.x through 11.x allows authenticated attackers to bypass security constraints protecting /WEB-INF/ and /META-INF/ directories when URL rewriting rules manipulate query parameters. Successful exploitation combined with enabled PUT requests enables remote code execution through malicious file upload. Apache Security Team confirms publicly available exploit code exists. The vulnerability stems from a regression in the fix for bug 60013, where URL normalization occurs before decoding, creating an exploitable window in specific rewrite configurations.

Apache Tomcat Path Traversal RCE Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12235 HIGH POC This Week

Buffer overflow in Tenda CH22 router firmware 1.0.0.1 allows authenticated attackers on the adjacent network to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability exists in the fromSetIpBind function accessible via /goform/SetIpBind endpoint when processing the 'page' parameter. A public proof-of-concept exploit has been published on GitHub, lowering the barrier to exploitation, though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-62962 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62957 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62956 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62945 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62934 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62933 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62896 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-62886 HIGH This Week

Cross-site request forgery enables stored XSS injection in WordPress Pricing Table builder plugin versions up to 1.5.3. Remote unauthenticated attackers can trick authenticated WordPress administrators into executing malicious requests that inject persistent JavaScript payloads into pricing table configurations. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and no active exploitation has been confirmed via CISA KEV. The changed scope (S:C) in CVSS vector indicates potential for broader site compromise beyond the plugin's security context.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy