Skip to main content
CVE-2025-64428 HIGH POC PATCH This Week

Dataease is an open source data visualization analysis tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dataease
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2025-64185 MEDIUM This Month

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-64027 MEDIUM POC This Month

Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-63848 MEDIUM PATCH This Month

Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Swish
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-62724 MEDIUM Monitor

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62709 MEDIUM POC PATCH This Week

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PHP RCE Clipbucket
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-52410 CRITICAL This Week

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Institute Of Current Students
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13437 MEDIUM PATCH This Month

When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat
NVD GitHub
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-12121 HIGH POC PATCH This Month

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Lite Xl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12120 HIGH POC PATCH This Month

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Lite Xl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-62875 MEDIUM POC PATCH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.8.0p0-1.1. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opensmtpd Tumbleweed Suse
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-62731 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-62730 HIGH This Month

SOPlanning is vulnerable to Privilege Escalation in user management tab. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Soplanning
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-62729 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /status endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62297 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62296 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62295 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62294 HIGH This Month

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soplanning
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-62293 MEDIUM This Month

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Soplanning
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-60738 CRITICAL POC Act Now

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection RCE Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-60737 MEDIUM POC This Month

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Eve X1 Server Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36161 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-34320 CRITICAL This Week

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2025-13425 LOW PATCH Monitor

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out. Rated low severity (CVSS 1.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub
CVSS 4.0
1.9
EPSS
0.0%

Rejected reason: Voluntarily withdrawn. No vendor patch available.

Information Disclosure
NVD
CVE-2025-65226 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65223 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65222 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-65221 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65220 MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64984 MEDIUM This Month

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-62346 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. Rated medium severity (CVSS 6.8). No vendor patch available.

CSRF
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-60799 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Authentication Bypass Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-60798 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60797 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Privilege Escalation Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60796 MEDIUM This Month

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phppgadmin Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-60794 MEDIUM This Month

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5092 MEDIUM This Month

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-41076 MEDIUM This Month

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-41075 MEDIUM This Month

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-41074 MEDIUM This Month

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Limesurvey
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-40605 MEDIUM This Month

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Email Security Appliance 5000 Firmware Email Security Appliance 5050 Firmware Email Security Appliance 7000 Firmware Email Security Appliance 7050 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-40604 CRITICAL This Week

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sonicwall Email Security Appliance 5000 Firmware Email Security Appliance 5050 Firmware Email Security Appliance 7000 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-40601 HIGH This Month

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13469 MEDIUM Monitor

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-13446 HIGH POC This Month

A vulnerability has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-13445 HIGH POC This Month

A flaw has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-13434 MEDIUM POC This Month

A weakness has been identified in jameschz Hush Framework 2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hush
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-13433 HIGH This Month

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Microsoft Windows
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-12778 MEDIUM This Month

The Ultimate Member Widgets for Elementor - WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy