THREAT ALERT

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Get CVEs that hit your stack — not 200/day

Pick your technologies, get a weekly digest by email. Free, no spam.

React Python Postgres +200 more

React Next.js Python Postgres AWS +200 more

Trending Now See all

Critical Watch See all

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Incoming 20

Pre-NVD – not yet scored

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — November 23, 2025

32 CVEs tracked today. 0 Critical, 10 High, 11 Medium, 10 Low.

CVE-2025-48507 HIGH CVSS 8.6
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
CVE-2025-13553 HIGH CVSS 7.4
A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware
CVE-2025-13552 HIGH CVSS 7.4
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware Dir 822K Firmware
CVE-2025-13551 HIGH CVSS 7.4
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware Dir 822K Firmware
CVE-2025-13550 HIGH CVSS 7.4
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware Dir 822K Firmware
CVE-2025-13549 HIGH CVSS 7.4
A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 822K Firmware
CVE-2025-13548 HIGH CVSS 7.4
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware Dir 822K Firmware
CVE-2025-13547 HIGH CVSS 7.4
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dwr M920 Firmware Dir 822K Firmware
CVE-2024-21923 HIGH CVSS 7.3
Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd
CVE-2024-21922 HIGH CVSS 7.3
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd
CVE-2025-13572 MEDIUM CVSS 5.5
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13566 MEDIUM CVSS 4.8
A security vulnerability has been detected in jarun nnn up to 5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
CVE-2025-13565 MEDIUM CVSS 5.5
A weakness has been identified in SourceCodester Inventory Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Inventory Management System
CVE-2025-13562 MEDIUM CVSS 5.5
A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
CVE-2025-13561 MEDIUM CVSS 5.5
A vulnerability was determined in SourceCodester Company Website CMS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13560 MEDIUM CVSS 5.5
A vulnerability was found in SourceCodester Company Website CMS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13557 MEDIUM CVSS 5.5
A vulnerability has been found in Campcodes Online Polling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13556 MEDIUM CVSS 5.5
A flaw has been found in Campcodes Online Polling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13555 MEDIUM CVSS 5.5
A vulnerability was detected in Campcodes School File Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13554 MEDIUM CVSS 5.5
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-12800 MEDIUM CVSS 6.4
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress SSRF
CVE-2025-54515 LOW CVSS 1.0
The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead. Rated low severity (CVSS 1.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
CVE-2025-13571 LOW CVSS 2.1
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13570 LOW CVSS 2.1
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
CVE-2025-13569 LOW CVSS 2.1
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
CVE-2025-13568 LOW CVSS 2.1
A flaw has been found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
CVE-2025-13567 LOW CVSS 2.1
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
CVE-2025-13564 LOW CVSS 2.1
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service
CVE-2025-13546 LOW CVSS 2.1
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13545 LOW CVSS 2.0
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
CVE-2025-13544 LOW CVSS 2.1
A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload
CVE-2025-12759 None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure

Track CVEs for your stack Sign up free →

Today's Vulnerabilities Vulnerabilities