Skip to main content
CVE-2025-64328 HIGH POC KEV THREAT Act Now

FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands.

Command Injection Firestore
NVD GitHub
CVSS 4.0
8.6
EPSS
81.9%
Threat
7.2
CVE-2025-10968 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-37736 HIGH This Month

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Privilege Escalation Elastic Cloud Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-60574 HIGH POC This Month

A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tquadra Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64442 HIGH PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-64439 HIGH PATCH This Month

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE
NVD GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2025-64431 HIGH PATCH This Month

Zitadel is an open source identity management platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-36186 HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM Db2 Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-9458 HIGH This Month

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Shared Components
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64430 HIGH PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js SSRF File Upload
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-64347 HIGH PATCH This Month

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57698 HIGH POC This Month

AstrBot Project v3.5.22 contains a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Astrbot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-63783 HIGH POC This Month

A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Onlook
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-58464 HIGH This Month

A relative path traversal vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qumagie
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-54167 HIGH This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
7.2
EPSS
0.2%
CVE-2025-64343 HIGH This Month

(conda) Constructor is a tool that enables users to create installers for conda package collections. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-64339 HIGH POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-64336 HIGH POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clipbucket
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-4519 HIGH PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Privilege Escalation Idonate PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64184 HIGH PATCH This Month

Dosage is a comic strip downloader and archiver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5483 HIGH This Month

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy