Skip to main content
CVE-2025-12480 CRITICAL POC KEV THREAT Emergency

Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks.

Authentication Bypass Triofox
NVD GitHub
CVSS 3.1
9.1
EPSS
75.9%
Threat
7.1
CVE-2021-4462 CRITICAL POC THREAT Emergency

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

File Upload PHP Employee Records System
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
20.9%
Threat
4.0
CVE-2025-64522 CRITICAL POC PATCH Act Now

Soft Serve is a self-hostable Git server for the command line. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Soft Serve
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-64513 CRITICAL PATCH This Week

Milvus is an open-source vector database built for generative AI applications. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-12868 CRITICAL This Week

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-12866 CRITICAL This Week

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy