Skip to main content
CVE-2025-54342 LOW Monitor

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pingalert Application Server
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-54340 MEDIUM Monitor

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure Pingalert Application Server
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-54339 CRITICAL This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-4618 MEDIUM Monitor

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
4.4
EPSS
0.0%
CVE-2025-4617 LOW Monitor

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-4616 LOW Monitor

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-13204 HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE Javascript Expression Evaluator Red Hat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-8870 MEDIUM This Month

On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2024-55016 MEDIUM POC This Week

PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44640 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44639 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44636 MEDIUM This Month

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Student Record System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44635 MEDIUM POC This Month

PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Record System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-44633 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44632 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44630 MEDIUM POC This Week

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-42749 MEDIUM POC This Month

Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Alto Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-21635 HIGH POC PATCH This Month

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Memos
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-9982 MEDIUM This Month

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Quick Cms
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12149 MEDIUM This Month

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-11918 HIGH This Month

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-10018 MEDIUM Monitor

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Cms
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-11981 MEDIUM Monitor

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-11794 MEDIUM PATCH Monitor

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-55073 MEDIUM PATCH This Month

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-55070 MEDIUM PATCH This Month

Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-41436 LOW PATCH Monitor

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-11776 MEDIUM PATCH Monitor

Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64444 HIGH This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.6
EPSS
1.2%
CVE-2025-10686 HIGH This Month

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD WPScan
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-13161 HIGH This Month

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-13160 MEDIUM This Month

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-9479 MEDIUM POC Monitor

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13107 MEDIUM POC Monitor

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13102 MEDIUM Monitor

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13097 MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-12904 HIGH This Month

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-9126 HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Memory Corruption Denial Of Service Use After Free +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7021 MEDIUM Monitor

Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Windows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7017 HIGH POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13983 MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Apple Google Chrome iOS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13178 MEDIUM POC Monitor

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-11920 MEDIUM POC Monitor

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11919 MEDIUM POC Monitor

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy