Skip to main content
CVE-2025-12480 CRITICAL POC KEV THREAT Emergency

Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks.

Authentication Bypass Triofox
NVD GitHub
CVSS 3.1
9.1
EPSS
75.9%
Threat
7.1
CVE-2021-4462 CRITICAL POC THREAT Emergency

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

File Upload PHP Employee Records System
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
20.9%
Threat
4.0
CVE-2018-25124 HIGH POC This Week

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.8%
CVE-2025-63397 MEDIUM POC This Month

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Oneflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-60876 MEDIUM POC PATCH CISA This Month

BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12928 MEDIUM POC This Month

A vulnerability was detected in code-projects Online Job Search Engine 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12929 MEDIUM POC This Month

A flaw has been found in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12938 MEDIUM POC This Month

A vulnerability was identified in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12967 HIGH PATCH This Week

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Python Privilege Escalation
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-62780 LOW POC PATCH Monitor

changedetection.io is a free open source web page change detection tool. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Changedetection
NVD GitHub
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-12921 LOW POC Monitor

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12939 LOW POC Monitor

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12933 LOW POC Monitor

A vulnerability was identified in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12931 LOW POC Monitor

A vulnerability was found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12930 LOW POC Monitor

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12926 LOW POC Monitor

A weakness has been identified in SourceCodester Farm Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12923 LOW POC Monitor

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-12932 LOW POC Monitor

A vulnerability was determined in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12922 LOW Monitor

A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-12927 LOW Monitor

A security vulnerability has been detected in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-64529 LOW PATCH Monitor

SpiceDB is an open source database system for creating and managing security-critical application permissions. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Spicedb
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2025-64522 CRITICAL POC PATCH Act Now

Soft Serve is a self-hostable Git server for the command line. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Soft Serve
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-64519 HIGH POC PATCH This Week

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Torrentpier
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63678 HIGH POC This Month

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE File Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-11892 HIGH This Month

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11578 HIGH This Month

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-64518 HIGH PATCH This Month

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64513 CRITICAL PATCH This Week

Milvus is an open-source vector database built for generative AI applications. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-64512 HIGH POC PATCH This Week

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Pdfminer Six Debian Linux Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-64509 HIGH PATCH This Month

Bugsink is a self-hosted error tracking tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64508 HIGH PATCH This Month

Bugsink is a self-hosted error tracking tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64507 HIGH POC PATCH GHSA This Week

Incus is a system container and virtual machine manager. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Incus Red Hat Suse
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-64504 MEDIUM PATCH This Month

Langfuse is an open source large language model engineering platform. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Langfuse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-64502 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-64501 HIGH PATCH This Month

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-64484 HIGH PATCH This Month

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Python Red Hat
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-64183 MEDIUM POC PATCH GHSA This Month

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Openexr Red Hat +1
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-64182 MEDIUM POC PATCH GHSA This Month

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Python Openexr Red Hat +1
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-64181 LOW POC PATCH GHSA Monitor

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openexr
NVD GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-64167 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-49145 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-63617 MEDIUM POC This Week

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ktg Mes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63296 MEDIUM POC This Week

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Kerui K259 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48878 MEDIUM Monitor

Combodo iTop is a web based IT service management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Itop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-48065 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48055 HIGH This Month

Combodo iTop is a web based IT service management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-63384 MEDIUM POC This Week

A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocketchip
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63149 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56503 MEDIUM This Month

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy