Skip to main content
CVE-2025-58034 HIGH POC KEV THREAT Act Now

Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized commands on the web application firewall.

Command Injection Fortinet Fortiweb
NVD
CVSS 3.1
7.2
EPSS
50.7%
Threat
6.0
CVE-2025-63892 MEDIUM POC This Month

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Grades Management System
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-13344 MEDIUM POC This Month

A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13323 MEDIUM POC This Month

A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13069 HIGH This Week

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-61662 HIGH PATCH This Week

A use-after-free vulnerability exists in GRUB's gettext module where the gettext command remains registered after module unloading, allowing attackers with local access and low privileges to trigger memory corruption. Successful exploitation can lead to denial of service through GRUB crashes and potentially compromise system confidentiality and integrity. With an EPSS score of only 0.01%, real-world exploitation is currently unlikely, and patches are available from Red Hat and other vendors.

Denial Of Service Memory Corruption Use After Free Grub2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53843 HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58413 HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-12411 HIGH This Week

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-63258 MEDIUM This Month

A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-12457 MEDIUM This Month

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12079 MEDIUM This Month

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-13306 LOW POC Monitor

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13345 LOW POC Monitor

A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13325 LOW POC Monitor

A vulnerability was determined in itsourcecode Student Information System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13347 LOW POC Monitor

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13346 LOW POC Monitor

A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13349 LOW POC Monitor

A vulnerability has been found in SourceCodester Student Grades Management System 1.0.php of the component Add New Grade Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13343 LOW POC Monitor

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-54821 MEDIUM This Month

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS. Rated low severity (CVSS 1.9). No vendor patch available.

Fortinet Privilege Escalation Fortiproxy Fortipam Fortios
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-11427 MEDIUM This Month

The WP Migrate Lite - WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdb_flush AJAX. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-12392 MEDIUM This Month

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12391 MEDIUM This Month

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-61663 MEDIUM PATCH This Month

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-54771 MEDIUM PATCH This Month

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-54770 MEDIUM PATCH This Month

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-61664 MEDIUM PATCH This Month

A vulnerability in the GRUB2 bootloader has been identified in the normal module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-61661 MEDIUM PATCH This Month

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-65093 MEDIUM POC PATCH This Month

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Librenms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-65015 CRITICAL POC PATCH Act Now

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Joserfc Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-65014 LOW POC PATCH Monitor

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure Librenms
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-65013 MEDIUM PATCH This Month

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-65012 MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kirby
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-64515 MEDIUM PATCH Monitor

Open Forms allows users create and publish smart forms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Open Forms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64325 HIGH POC This Week

Emby Server is a personal media server. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emby
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-64324 HIGH POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Kubevirt Red Hat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-62406 HIGH POC PATCH This Week

Piwigo is a full featured open source photo gallery application for the web. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Piwigo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54990 MEDIUM PATCH This Month

XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-63229 MEDIUM POC This Month

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Mozart Next 100 Firmware Mozart Next 1000 Firmware +20
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63217 CRITICAL POC Act Now

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Id Mux Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-63216 CRITICAL POC Act Now

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Idgateway Firmware
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-63215 HIGH POC This Month

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Impact Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-12119 MEDIUM PATCH This Month

A mongoc_bulk_operation_t may read invalid memory if large options are passed. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure C Driver Php Driver
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-63228 CRITICAL POC Act Now

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP RCE Mozart Next 100 Firmware Mozart Next 1000 Firmware +20
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-63227 HIGH POC This Month

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Mozart Next 100 Firmware Mozart Next 1000 Firmware Mozart Next 2000 Firmware +19
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-63226 MEDIUM This Month

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Decoder Ccv2 Firmware Smp100 Firmware En2Sdi 2Hd Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-37162 MEDIUM This Month

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37161 HIGH This Month

A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-63955 HIGH POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP CSRF Student Record System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63749 MEDIUM POC This Week

pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pnetlab
NVD GitHub
CVSS 3.1
6.5
EPSS
6.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy