Skip to main content
CVE-2025-63293 MEDIUM POC This Month

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rise Ultimate Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0987 CRITICAL Act Now

CVLand versions 2.1.0 through 20251103 by CB Project Ltd. Co. permit authenticated attackers to bypass authorization controls via parameter injection, enabling elevated privilege actions and unauthorized access to sensitive data. The CVSS score of 9.9 reflects network-based exploitation with low complexity and scope change allowing high confidentiality and integrity impact. EPSS probability is 0.07% (22nd percentile), indicating relatively low observed exploitation likelihood despite the critical severity rating. No public exploit identified at time of analysis, though the vendor was notified and did not respond.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-12617 MEDIUM POC This Month

A flaw has been found in itsourcecode Billing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12608 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12606 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Loan Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12607 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12616 LOW POC Monitor

A vulnerability was detected in PHPGurukul News Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-12612 LOW POC Monitor

A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0.php?action=delete_course. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12610 LOW POC Monitor

A vulnerability was determined in CodeAstro Gym Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-12609 LOW POC Monitor

A vulnerability was found in CodeAstro Gym Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-12614 LOW POC Monitor

A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12615 LOW POC Monitor

A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-64294 MEDIUM This Month

Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.1.15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-47698 MEDIUM This Month

Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2025-12626 LOW Monitor

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-12623 LOW Monitor

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-36172 MEDIUM This Month

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-34501 HIGH This Month

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-11193 MEDIUM This Month

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2024-13998 MEDIUM This Month

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nagios Xi
NVD
CVSS 4.0
6.0
EPSS
1.3%
CVE-2024-13997 CRITICAL This Week

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-12657 MEDIUM This Month

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-63593 MEDIUM POC This Month

Grav CMS1.7.49.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-50735 HIGH POC This Month

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nextchat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-12642 MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Lighttpd
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12531 HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-8558 LOW Monitor

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 4.0
2.3
EPSS
0.1%

Rejected reason: DO NOT USE THIS CVE RECORD. No vendor patch available.

Information Disclosure
NVD
CVE-2025-63441 HIGH This Month

Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50363 MEDIUM POC This Month

Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maid Hiring Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12463 CRITICAL This Week

An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-11953 CRITICAL POC KEV PATCH THREAT Act Now

React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code.

Command Injection Microsoft React Native Community Cli Windows Red Hat
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2025-10280 HIGH This Month

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-63453 CRITICAL POC Act Now

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Booking System Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63452 CRITICAL POC Act Now

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Booking System Php
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-63451 CRITICAL POC Act Now

Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Car Booking System Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63450 MEDIUM POC This Month

Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Car Booking System Php
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63449 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63448 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63447 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63446 MEDIUM POC This Month

Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-60785 HIGH POC This Week

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PostgreSQL Code Injection Icescrum
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-60503 HIGH POC This Week

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ultimatepos
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-36093 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-36092 MEDIUM This Month

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36091 MEDIUM Monitor

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-11761 HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-8900 CRITICAL This Week

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-63443 MEDIUM POC This Month

School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System Php
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63442 MEDIUM POC Monitor

Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple User Management System
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy