Skip to main content
CVE-2025-13316 HIGH POC THREAT Act Now

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server.

Information Disclosure Microsoft Twonky Server Windows
NVD
CVSS 4.0
8.2
EPSS
72.7%
Threat
5.3
CVE-2025-64764 HIGH POC PATCH This Week

Astro is a web framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Astro
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2025-34337 HIGH This Week

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-64759 HIGH This Week

Homarr is an open-source dashboard. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-11001 HIGH POC PATCH CISA This Month

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE 7 Zip Suse
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-63719 HIGH POC This Month

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Hospital Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-63371 HIGH This Month

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onecommander
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-65103 HIGH PATCH This Month

OpenSTAManager is an open source management software for technical assistance and invoicing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63932 HIGH POC This Month

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 868l Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-51663 HIGH POC This Month

A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Filecodebox
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-51661 HIGH POC This Month

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filecodebox
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65094 HIGH POC PATCH This Week

WBCE CMS is a content management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Wbce Cms
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-65099 HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-65034 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65033 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65030 HIGH POC This Month

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-65029 HIGH POC This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rallly
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-65025 HIGH POC PATCH This Week

esm.sh is a nobuild content delivery network(CDN) for modern web development. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal Esm Sh Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-63209 HIGH POC This Month

The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Star150 Firmware Bp1000 Firmware Star300 Firmware Star2000 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63208 HIGH POC This Month

An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vb288 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-63205 HIGH POC This Month

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vb220 Firmware Vb120 Firmware Vb330 Firmware Vb440 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-34335 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Fax Server Interactive Voice Response Tenda
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-34334 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Fax Server Interactive Voice Response Tenda
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-34333 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fax Server Interactive Voice Response Tenda
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34332 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Microsoft Privilege Escalation Fax Server Interactive Voice Response +2
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-34331 HIGH POC This Week

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Fax Server Interactive Voice Response Tenda
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-13400 HIGH POC This Month

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-65024 HIGH POC PATCH This Month

i-Educar is free, fully online school management software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP I Educar
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-65023 HIGH POC PATCH This Month

i-Educar is free, fully online school management software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP I Educar
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-65022 HIGH PATCH This Month

i-Educar is free, fully online school management software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP I Educar
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-63220 HIGH POC This Month

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE First Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-63219 HIGH POC This Month

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iso Fm Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8527 HIGH This Month

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-12472 HIGH This Month

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-11230 HIGH PATCH This Month

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aloha Appliance Haproxy Haproxy Enterprise Kubernetes Ingress Controller +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-11446 HIGH This Month

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.2.0 before 5.2.12. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-13206 HIGH PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Givewp PHP
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-13035 HIGH This Month

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP RCE Code Injection
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-12484 HIGH This Month

The Giveaways and Contests by RafflePress - Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-12056 HIGH This Month

Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-11243 HIGH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-13145 HIGH This Month

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-12646 HIGH This Month

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12852 HIGH This Month

DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy