Skip to main content
CVE-2025-11749 CRITICAL POC THREAT Emergency

The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint when the No-Auth URL feature is enabled. Unauthenticated attackers can extract this token to gain full API access, compromising AI assistant configurations and potentially accessing connected LLM provider API keys.

WordPress Information Disclosure Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
85.9%
Threat
6.0
CVE-2023-43000 HIGH POC KEV PATCH THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Buffer Overflow Apple Use After Free Safari +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2025-12139 HIGH POC THREAT Act Now

The File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.0% and no vendor patch available.

WordPress Google Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
22.0%
CVE-2025-56231 CRITICAL POC Act Now

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Internet Download Manager
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-59716 MEDIUM POC This Month

{email}/{token} endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Guests
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2025-57130 HIGH This Week

Privilege escalation in ZwiiCMS content management system (versions up to and including v13.6.07) allows a low-privilege authenticated user to read and overwrite the profile data of any other account, including administrators, by manipulating a crafted HTTP request to the user management component. Because an attacker can rewrite an administrator's credentials, this effectively yields full administrative takeover of the CMS. EPSS is low (0.23%, 46th percentile) and there is no public exploit identified at time of analysis, so risk is elevated primarily by the low attack complexity rather than by evidence of in-the-wild use.

Authentication Bypass Zwiicms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-12779 HIGH This Week

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-12745 LOW POC PATCH Monitor

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-55278 HIGH This Month

Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-63585 MEDIUM This Month

OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Open Source Social Network
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60784 MEDIUM POC This Week

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Voluntary Like System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63334 CRITICAL POC PATCH Act Now

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection RCE Pocketvj Control Panel Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10853 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Api Control Plane Api Manager Enterprise Integrator Identity Server +5
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2025-63418 MEDIUM POC This Month

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Selfbest
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63417 HIGH POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Selfbest
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-63416 CRITICAL POC Act Now

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Selfbest
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-5770 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Control Plane Api Manager Identity Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-56232 MEDIUM POC This Week

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gog Galaxy
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-55343 CRITICAL This Week

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Quipux
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-55342 MEDIUM This Month

Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Quipux
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55341 MEDIUM This Month

Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php asocImgRad. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Quipux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43418 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os iOS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-31954 MEDIUM This Month

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dryice Iautomate
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-11093 HIGH This Month

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Api Control Plane Api Manager Enterprise Integrator +3
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-10907 HIGH This Month

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

File Upload RCE Api Control Plane Api Manager Enterprise Integrator +6
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2025-10713 MEDIUM This Month

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Control Plane Api Manager Enterprise Integrator Identity Server +4
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63248 HIGH POC This Month

DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dwsurvey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57244 MEDIUM POC This Month

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openkm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-46424 MEDIUM This Month

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Cloudlink D-Link
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-46366 MEDIUM This Month

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-46365 MEDIUM This Month

Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. Rated medium severity (CVSS 5.3). No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46364 CRITICAL This Week

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-45379 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-45378 CRITICAL This Week

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Authentication Bypass Cloudlink D-Link
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-43990 HIGH This Month

Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Monitor
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-30479 HIGH This Month

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloudlink D-Link
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2025-20377 MEDIUM Monitor

A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20376 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20375 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20374 MEDIUM Monitor

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-20358 CRITICAL This Week

A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Contact Center Express
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2025-20354 CRITICAL This Week

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Authentication Bypass Java Unified Contact Center Express
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20343 HIGH This Month

A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Identity Services Engine
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-20305 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20304 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20303 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20289 MEDIUM Monitor

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-63601 CRITICAL PATCH This Week

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Snipe It
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-61304 CRITICAL POC Act Now

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Activegate Ping Extension
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-60753 MEDIUM POC PATCH This Month

An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libarchive Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy