119 CVEs tracked today. 5 Critical, 33 High, 76 Medium, 3 Low.
-
CVE-2025-63747
CRITICAL
CVSS 9.8
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Brute Force
Qatraq
-
CVE-2025-13223
HIGH
CVSS 8.8
Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.
Memory Corruption
Google
Information Disclosure
Chrome
Redhat
-
CVE-2024-44659
CRITICAL
CVSS 9.8
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shopping Portal
-
CVE-2025-13284
CRITICAL
CVSS 9.3
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Command Injection
-
CVE-2025-10460
CRITICAL
CVSS 9.4
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
-
CVE-2025-9501
CRITICAL
CVSS 9.0
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
WordPress
PHP
Command Injection
-
CVE-2025-65073
HIGH
CVSS 7.5
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Redhat
-
CVE-2025-64756
HIGH
CVSS 7.5
Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
Command Injection
RCE
Glob
Redhat
Suse
-
CVE-2025-63917
HIGH
CVSS 7.1
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XXE
Denial Of Service
Information Disclosure
SSRF
Pdfpatcher
-
CVE-2025-63916
HIGH
CVSS 8.1
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
Myscreentools
-
CVE-2025-63748
HIGH
CVSS 8.8
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
Qatraq
-
CVE-2025-62519
HIGH
CVSS 7.2
phpMyFAQ is an open source FAQ web application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
RCE
Phpmyfaq
-
CVE-2025-58410
HIGH
CVSS 7.5
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Ddk
-
CVE-2025-58407
HIGH
CVSS 7.4
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Ddk
-
CVE-2025-40936
HIGH
CVSS 7.3
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Solid Edge (All versions < V226.00 Update 03). Rated high severity (CVSS 7.3), this vulnerability requires no authentication. No vendor patch available.
Buffer Overflow
Information Disclosure
-
CVE-2025-36553
HIGH
CVSS 8.8
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
-
CVE-2025-36463
HIGH
CVSS 7.3
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
Broadcom
-
CVE-2025-36462
HIGH
CVSS 7.3
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
Broadcom
-
CVE-2025-36461
HIGH
CVSS 7.3
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
Broadcom
-
CVE-2025-36460
HIGH
CVSS 7.3
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
Broadcom
-
CVE-2025-36357
HIGH
CVSS 8.0
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
IBM
Planning Analytics Local
Planning Analytics Workspace
-
CVE-2025-36118
HIGH
CVSS 7.5
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
IBM
Storage Virtualize
-
CVE-2025-34323
HIGH
CVSS 8.5
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available.
Privilege Escalation
Log Server
-
CVE-2025-34322
HIGH
CVSS 8.6
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
Log Server
-
CVE-2025-32089
HIGH
CVSS 8.8
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability has low attack complexity. No vendor patch available.
Dell
Buffer Overflow
RCE
-
CVE-2025-31649
HIGH
CVSS 8.7
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.7), this vulnerability has low attack complexity. No vendor patch available.
Dell
Information Disclosure
-
CVE-2025-31361
HIGH
CVSS 8.7
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.7), this vulnerability has low attack complexity. No vendor patch available.
Dell
Privilege Escalation
-
CVE-2025-13319
HIGH
CVSS 8.8
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-13305
HIGH
CVSS 7.4
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 825M Firmware
Dwr M920 Firmware
Dwr M921 Firmware
-
CVE-2025-13304
HIGH
CVSS 7.4
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 825M Firmware
Dwr M920 Firmware
Dwr M921 Firmware
-
CVE-2025-13288
HIGH
CVSS 7.4
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Tenda
Buffer Overflow
Ch22 Firmware
-
CVE-2025-13283
HIGH
CVSS 7.0
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path Traversal
CSRF
Tenderdoctransfer
-
CVE-2025-13282
HIGH
CVSS 7.0
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path Traversal
CSRF
Tenderdoctransfer
-
CVE-2025-13258
HIGH
CVSS 7.4
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Tenda
Buffer Overflow
Ac20 Firmware
-
CVE-2025-13224
HIGH
CVSS 8.8
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Google
Information Disclosure
Chrome
Redhat
-
CVE-2025-13165
HIGH
CVSS 8.7
EasyFlow GP developed by Digiwin has a Denial of Service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-11681
HIGH
CVSS 7.1
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
M Files Server
-
CVE-2025-4321
HIGH
CVSS 7.1
A Bluetooth device using the RS9116-WiseConnect SDK experiences a Denial of Service if it receives malformed L2CAP packets; only a hard reset will bring the device back to normal operation. Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-64766
MEDIUM
CVSS 5.3
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-64758
MEDIUM
CVSS 4.8
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-64342
MEDIUM
CVSS 6.9
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-64046
MEDIUM
CVSS 6.1
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
XSS
Rapidcms
-
CVE-2025-63918
MEDIUM
CVSS 6.2
The PDFPatcher executable does not validate user-supplied file paths, enabling directory traversal attacks that let attackers upload arbitrary files to arbitrary locations. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Pdfpatcher
-
CVE-2025-63708
MEDIUM
CVSS 6.1
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Ai Font Matcher
-
CVE-2025-55059
MEDIUM
CVSS 4.8
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Rumpus
-
CVE-2025-55058
MEDIUM
CVSS 4.5
CWE-20 Improper Input Validation. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Rumpus
-
CVE-2025-55057
MEDIUM
CVSS 4.5
Multiple CWE-352 Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSRF
Rumpus
-
CVE-2025-55056
MEDIUM
CVSS 4.8
Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Rumpus
-
CVE-2025-55055
MEDIUM
CVSS 6.8
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
Rumpus
-
CVE-2025-40834
MEDIUM
CVSS 6.8
A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-36299
MEDIUM
CVSS 4.3
IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
IBM
Planning Analytics Local
Planning Analytics Workspace
-
CVE-2025-13303
MEDIUM
CVSS 5.3
A vulnerability was determined in code-projects Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Courier Management System
-
CVE-2025-13302
MEDIUM
CVSS 5.1
A vulnerability was identified in code-projects Courier Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Courier Management System
-
CVE-2025-13301
MEDIUM
CVSS 6.9
A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Web Based Internet Laboratory Management System
-
CVE-2025-13300
MEDIUM
CVSS 6.9
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Web Based Internet Laboratory Management System
-
CVE-2025-13299
MEDIUM
CVSS 6.9
A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Web Based Internet Laboratory Management System
-
CVE-2025-13298
MEDIUM
CVSS 6.9
A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Web Based Internet Laboratory Management System
-
CVE-2025-13297
MEDIUM
CVSS 6.9
A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Web Based Internet Laboratory Management System
-
CVE-2025-13291
MEDIUM
CVSS 6.9
A vulnerability was found in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Supplier Management System
-
CVE-2025-13290
MEDIUM
CVSS 5.3
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Simple Food Ordering System
-
CVE-2025-13289
MEDIUM
CVSS 5.3
A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Design Development Of Student Database Management System
-
CVE-2025-13287
MEDIUM
CVSS 5.3
A weakness has been identified in itsourcecode Online Voting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Voting System
-
CVE-2025-13286
MEDIUM
CVSS 5.3
A security flaw has been discovered in itsourcecode Online Voting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Voting System
-
CVE-2025-13285
MEDIUM
CVSS 6.9
A vulnerability was identified in itsourcecode Online Voting System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Voting System
-
CVE-2025-13280
MEDIUM
CVSS 6.9
A vulnerability was determined in CodeAstro Simple Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Simple Inventory System
-
CVE-2025-13279
MEDIUM
CVSS 5.3
A vulnerability was found in code-projects Nero Social Networking Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Nero Social Networking Site
-
CVE-2025-13278
MEDIUM
CVSS 5.3
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13277
MEDIUM
CVSS 6.9
A flaw has been found in code-projects Nero Social Networking Site 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Nero Social Networking Site
-
CVE-2025-13276
MEDIUM
CVSS 6.9
A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
PHP
-
CVE-2025-13275
MEDIUM
CVSS 5.1
A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
File Upload
PHP
Authentication Bypass
-
CVE-2025-13274
MEDIUM
CVSS 5.3
A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13273
MEDIUM
CVSS 5.3
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13272
MEDIUM
CVSS 6.9
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13271
MEDIUM
CVSS 6.9
A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13270
MEDIUM
CVSS 5.3
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13269
MEDIUM
CVSS 5.3
A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-13268
MEDIUM
CVSS 5.3
A flaw has been found in Dromara dataCompare up to 1.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Java
Code Injection
-
CVE-2025-13267
MEDIUM
CVSS 5.3
A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Dental Clinic Appointment Reservation System
-
CVE-2025-13266
MEDIUM
CVSS 5.5
A security vulnerability has been detected in wwwlike vlife up to 2.0.1.java of the component VLifeApi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path Traversal
Java
-
CVE-2025-13265
MEDIUM
CVSS 5.3
A weakness has been identified in lsfusion platform up to 6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Java
Lsfusion Platform
-
CVE-2025-13264
MEDIUM
CVSS 5.3
A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Magazine Management System
-
CVE-2025-13263
MEDIUM
CVSS 5.3
A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Magazine Management System
-
CVE-2025-13262
MEDIUM
CVSS 6.9
A vulnerability was determined in lsfusion platform up to 6.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Java
Lsfusion Platform
-
CVE-2025-13261
MEDIUM
CVSS 5.5
A vulnerability was found in lsfusion platform up to 6.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Java
Lsfusion Platform
-
CVE-2025-13260
MEDIUM
CVSS 5.3
A vulnerability has been found in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Supplier Management System
-
CVE-2025-13259
MEDIUM
CVSS 5.3
A flaw has been found in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Supplier Management System
-
CVE-2025-13257
MEDIUM
CVSS 6.9
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Inventory Management System
-
CVE-2025-13256
MEDIUM
CVSS 5.3
A weakness has been identified in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13255
MEDIUM
CVSS 5.3
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13254
MEDIUM
CVSS 5.3
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13253
MEDIUM
CVSS 5.3
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13193
MEDIUM
CVSS 5.5
A flaw was found in libvirt. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Privilege Escalation
Redhat
Suse
-
CVE-2025-13164
MEDIUM
CVSS 6.9
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-13163
MEDIUM
CVSS 6.9
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-7711
MEDIUM
CVSS 5.4
The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
RCE
Code Injection
PHP
-
CVE-2024-46336
MEDIUM
CVSS 6.1
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
School Management System
-
CVE-2024-46335
MEDIUM
CVSS 4.6
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Complaint Management System
-
CVE-2024-46334
MEDIUM
CVSS 6.1
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
School Management System
-
CVE-2024-44664
MEDIUM
CVSS 6.5
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shopping Portal
-
CVE-2024-44663
MEDIUM
CVSS 6.5
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shopping Portal
-
CVE-2024-44662
MEDIUM
CVSS 6.5
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Online Shopping Portal
-
CVE-2024-44661
MEDIUM
CVSS 5.4
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Online Shopping Portal
-
CVE-2024-44660
MEDIUM
CVSS 6.5
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shopping Portal
-
CVE-2024-44658
MEDIUM
CVSS 6.5
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Complaint Management System
-
CVE-2024-44657
MEDIUM
CVSS 6.5
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Complaint Management System
-
CVE-2024-44655
MEDIUM
CVSS 6.1
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Complaint Management System
-
CVE-2024-44654
MEDIUM
CVSS 6.5
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Complaint Management System
-
CVE-2024-44653
MEDIUM
CVSS 6.5
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Ecommerce Website
-
CVE-2024-44652
MEDIUM
CVSS 6.5
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Ecommerce Website
-
CVE-2024-44651
MEDIUM
CVSS 6.5
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Ecommerce Website
-
CVE-2024-44648
MEDIUM
CVSS 6.5
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Small Crm
-
CVE-2024-44647
MEDIUM
CVSS 6.1
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Small Crm
-
CVE-2024-44644
MEDIUM
CVSS 6.5
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Small Crm
-
CVE-2024-44641
MEDIUM
CVSS 6.5
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Small Crm
-
CVE-2025-65083
LOW
CVSS 3.2
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. Rated low severity (CVSS 3.2), this vulnerability requires no authentication. No vendor patch available.
Authentication Bypass
-
CVE-2025-63292
LOW
CVSS 3.5
Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1-r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were. Rated low severity (CVSS 3.5), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Microsoft
V5 Hd Firmware
V5 Crystal Firmware
V6 Revolution Firmware
-
CVE-2025-60022
LOW
CVSS 2.3
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Information Disclosure
iOS
-
CVE-2025-13310
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-13216
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure