Skip to main content
CVE-2025-25613 HIGH POC This Week

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure S3150 8T2F Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13442 MEDIUM POC This Month

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.6%
CVE-2025-13451 MEDIUM POC This Month

A vulnerability was identified in SourceCodester Online Shop Project 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13449 MEDIUM POC This Month

A vulnerability was found in code-projects Online Shop Project 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13422 MEDIUM POC This Month

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-0643 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-0645 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-13435 LOW POC Monitor

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.4%
CVE-2025-13468 LOW POC Monitor

A weakness has been identified in SourceCodester Alumni Management System 1.0.php of the component Delete Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13443 LOW POC Monitor

A vulnerability was detected in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13423 LOW POC Monitor

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13450 LOW POC Monitor

A vulnerability was determined in SourceCodester Online Shop Project 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13424 LOW POC Monitor

A vulnerability has been found in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13484 LOW POC Monitor

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-64660 HIGH This Month

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-64655 HIGH This Month

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dynamics Omnichannel Sdk Storage Containers
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-62459 HIGH This Month

Microsoft Defender Portal Spoofing Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS 365 Defender Portal
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-62207 HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-59245 CRITICAL This Week

Microsoft SharePoint Online Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Online
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-49752 CRITICAL This Week

Azure Bastion Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Bastion Developer
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-36072 HIGH This Month

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE IBM Webmethods Integration
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-61138 HIGH This Month

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qlik Sense
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-36160 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-36159 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-36158 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-36153 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Concert
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-13087 HIGH This Month

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2025-64770 HIGH This Month

The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-63807 CRITICAL POC Act Now

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Blogin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-63685 CRITICAL POC Act Now

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quark Cloud Drive
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-62674 HIGH This Month

The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-55124 MEDIUM POC This Month

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Revive Adserver
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2025-55123 MEDIUM POC This Month

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52671 MEDIUM POC Monitor

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Revive Adserver
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-52670 MEDIUM POC This Week

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Revive Adserver
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52669 MEDIUM POC Monitor

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Revive Adserver
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-52668 MEDIUM POC This Month

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Information Disclosure Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52667 MEDIUM POC This Month

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52666 LOW POC Monitor

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Revive Adserver
NVD
CVSS 3.0
2.7
EPSS
0.1%
CVE-2025-48987 MEDIUM POC This Month

Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-48986 HIGH POC This Week

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Revive Adserver
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-35029 MEDIUM Monitor

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Health
NVD
CVSS 4.0
4.8
EPSS
0.0%

Rejected reason: DO NOT USE THIS CVE RECORD. No vendor patch available.

Information Disclosure
NVD
CVE-2025-55128 MEDIUM POC This Week

HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Revive Adserver
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2025-55127 MEDIUM POC This Month

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Revive Adserver
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55126 MEDIUM POC This Week

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Revive Adserver
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2025-10571 CRITICAL CISA This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.2.0.0, 3.2.1.1. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-64524 LOW POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Apple Buffer Overflow RCE Heap Overflow Cups Filters +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-63889 HIGH This Month

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Buffer Overflow Information Disclosure Thinkphp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63888 CRITICAL This Week

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP RCE Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy