Skip to main content
CVE-2025-13315 CRITICAL POC THREAT Emergency

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control.

Information Disclosure Microsoft Twonky Server Windows
NVD
CVSS 4.0
9.3
EPSS
82.4%
Threat
5.8
CVE-2025-13316 HIGH POC THREAT Act Now

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server.

Information Disclosure Microsoft Twonky Server Windows
NVD
CVSS 4.0
8.2
EPSS
72.7%
Threat
5.3
CVE-2025-64764 HIGH POC PATCH This Week

Astro is a web framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Astro
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2025-10437 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13421 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13420 MEDIUM POC This Month

A weakness has been identified in itsourcecode Human Resource Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13410 MEDIUM POC This Month

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-34337 HIGH This Week

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64759 HIGH This Week

Homarr is an open-source dashboard. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-34336 MEDIUM This Month

eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-13396 LOW POC Monitor

A weakness has been identified in code-projects Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13411 LOW POC Monitor

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13412 LOW POC Monitor

A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-13395 MEDIUM This Month

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11963 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0421 MEDIUM This Month

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-13415 MEDIUM POC This Month

A vulnerability was identified in icret EasyImages up to 2.8.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Easyimages2 0
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-11884 LOW Monitor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-11001 HIGH POC PATCH CISA This Month

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE 7 Zip Suse
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-63719 HIGH POC This Month

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Hospital Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-63371 HIGH This Month

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onecommander
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-58181 MEDIUM PATCH This Month

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Crypto Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-47914 MEDIUM PATCH This Month

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Crypto Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13147 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.1.8, from 2025.0.0 before 2025.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moveit Transfer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-65103 HIGH PATCH This Month

OpenSTAManager is an open source management software for technical assistance and invoicing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63932 HIGH POC This Month

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 868l Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-63214 MEDIUM POC This Week

An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vbc Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63213 CRITICAL POC Act Now

The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Opera11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-63212 MEDIUM POC This Week

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flexiva Lx100 Firmware Flexiva Lx300 Firmware Flexiva Lx600 Firmware Flexiva Lx1000 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51663 HIGH POC This Month

A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Filecodebox
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-51662 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filecodebox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51661 HIGH POC This Month

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filecodebox
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36371 MEDIUM This Month

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65100 MEDIUM This Month

Isar is an integration system for automated root filesystem generation. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-65094 HIGH POC PATCH This Week

WBCE CMS is a content management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Wbce Cms
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-63211 MEDIUM POC This Month

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Vbc Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65099 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-65095 CRITICAL This Week

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-65089 MEDIUM PATCH This Month

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Microsoft Authentication Bypass Pro Macros
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-65034 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65033 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65032 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65031 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65030 HIGH POC This Month

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-65029 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65028 MEDIUM POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-65026 MEDIUM POC PATCH This Month

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection XSS Esm Sh Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-65025 HIGH POC PATCH This Week

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal Esm Sh Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-65021 CRITICAL POC Act Now

Rallly is an open-source scheduling and collaboration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy