Skip to main content
CVE-2025-33012 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-2534 MEDIUM This Month

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft IBM Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12890 MEDIUM This Month

Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-47118 MEDIUM This Month

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow IBM Microsoft Denial Of Service +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9458 HIGH This Month

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Shared Components
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64430 HIGH PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js SSRF File Upload
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-64347 HIGH PATCH This Month

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63718 MEDIUM POC This Week

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patients Waiting Area Queue Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63716 MEDIUM POC This Week

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Leads Manager Tool
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63714 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modern User Account Generator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63713 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Matching Type Test
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57697 MEDIUM POC This Week

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Astrbot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-7719 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova Smallworld on Windows, Linux allows File Manipulation.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Windows
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-63785 MEDIUM POC This Month

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onlook
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-63784 MEDIUM POC This Week

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Onlook
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57698 HIGH POC This Month

AstrBot Project v3.5.22 contains a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Astrbot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-3222 CRITICAL This Week

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.3.3 and prior versions for Linux, and 5.3.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-63783 HIGH POC This Month

A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Onlook
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-63691 CRITICAL POC Act Now

In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-token/page) has an improper permission. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pig
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-63690 CRITICAL POC Act Now

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Tomcat Pig
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2025-63689 CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Money Pos
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-63687 MEDIUM POC This Week

An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Forest
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63686 MEDIUM POC This Week

There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Personmanage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58469 LOW Monitor

A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Qulog Center
NVD
CVSS 4.0
1.2
EPSS
0.1%
CVE-2025-58465 LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
CVSS 4.0
2.2
EPSS
0.1%
CVE-2025-58464 HIGH This Month

A relative path traversal vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qumagie
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-58463 LOW Monitor

A relative path traversal vulnerability has been reported to affect Download Station. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Download Station
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-57712 MEDIUM Monitor

A path traversal vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Qsync Central
NVD
CVSS 4.0
4.0
EPSS
0.1%
CVE-2025-57706 LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Station
NVD
CVSS 4.0
2.2
EPSS
0.1%
CVE-2025-54168 LOW Monitor

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qulog Center
NVD
CVSS 4.0
2.2
EPSS
0.1%
CVE-2025-54167 HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.2
EPSS
0.2%
CVE-2025-53413 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-53412 LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 0.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
0.6
EPSS
0.2%
CVE-2025-53411 LOW Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
1.2
EPSS
0.2%
CVE-2025-53410 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-53409 MEDIUM Monitor

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service File Station
NVD
CVSS 4.0
4.9
EPSS
0.2%
CVE-2025-53408 LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
1.3
EPSS
0.2%
CVE-2025-52865 LOW Monitor

A NULL pointer dereference vulnerability has been reported to affect File Station 5. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
1.3
EPSS
0.2%
CVE-2025-52425 CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 4.0
9.5
EPSS
0.2%
CVE-2025-47207 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several product versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference File Station
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-10870 CRITICAL This Week

SQL injection vulnerability in DIAL's CentrosNet v2.64. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-46413 MEDIUM This Month

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-64346 MEDIUM PATCH This Month

archives is a Go library for extracting archives (tar, zip, etc.). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-64343 HIGH This Month

(conda) Constructor is a tool that enables users to create installers for conda package collections. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64339 HIGH POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-12527 MEDIUM Monitor

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12520 MEDIUM Monitor

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64338 MEDIUM POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-64336 HIGH POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy