Skip to main content
CVE-2025-63958 CRITICAL POC Act Now

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vision Tools Workspace
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2018-25126 CRITICAL POC Act Now

Shenzhen TVT Digital Technology Co., Ltd. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
1.3%
CVE-2025-63434 HIGH POC This Week

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56401 HIGH POC This Week

ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wbrm
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-60638 HIGH POC PATCH This Week

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Free5gc Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-14015 HIGH POC This Week

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
1.2%
CVE-2025-63674 MEDIUM POC This Month

An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allows local physical attackers to execute arbitrary code via overriding the bootloader on the SD card. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A31C Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-63914 MEDIUM POC This Month

An issue was discovered in Cinnamon kotaemon 0.11.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kotaemon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-63953 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ultra Encode Hdmi Firmware Ultra Encode Sdi Firmware Ultra Encode Hdmi Plus Firmware Ultra Encode Sdi Plus Firmware +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63498 MEDIUM POC PATCH This Month

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sogo Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54347 CRITICAL Act Now

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pingalert Application Server
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-47856 CRITICAL Act Now

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Agent For Windows Windows
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-63952 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pro Convert Hdmi 4K Plus Firmware Pro Convert Hdmi Plus Firmware Pro Convert Hdmi Tx Firmware Pro Convert 12G Sdi 4K Plus Firmware +9
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-13585 MEDIUM POC This Month

A vulnerability was detected in itsourcecode COVID Tracking System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13583 MEDIUM POC This Month

A weakness has been identified in code-projects Question Paper Generator 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13582 MEDIUM POC This Month

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13578 MEDIUM POC This Month

A vulnerability has been found in code-projects Library System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2023-7330 CRITICAL Act Now

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-56400 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Smartlife Tuya Tuya Smart
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-14007 HIGH This Week

Shenzhen TVT Digital Technology Co., Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10555 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-63433 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-63432 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-63435 MEDIUM POC This Month

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Xtool Anyscan Android
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-44018 HIGH This Week

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-13609 HIGH PATCH GHSA This Week

A critical authentication bypass vulnerability in Keylime allows attackers with high privileges to register malicious agents using different TPM devices while claiming existing agent UUIDs, effectively overwriting legitimate agent identities. This enables impersonation of trusted agents and potential bypass of security controls in the remote attestation system. With an EPSS score of 0.07% (21st percentile) and no known KEV listing, the vulnerability has a high CVSS score of 8.2 but relatively low real-world exploitation likelihood.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-60915 HIGH This Week

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Openatlas
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52538 HIGH This Week

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-54563 HIGH This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54338 HIGH This Week

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingalert Application Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0003 HIGH This Week

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-52539 HIGH This Week

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality,. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-0005 HIGH This Week

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48510 HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-10144 MEDIUM This Month

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the `brands` attribute of the `products` shortcode in all versions up to, and including, 3.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60633 MEDIUM PATCH This Month

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Free5gc Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-60632 MEDIUM PATCH This Month

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Free5gc Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-13573 LOW POC Monitor

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-64048 MEDIUM This Month

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Yccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-64047 MEDIUM This Month

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Rapidcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-13581 LOW POC Monitor

A vulnerability was identified in itsourcecode Student Information System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13580 LOW POC Monitor

A vulnerability was determined in code-projects Library System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13579 LOW POC Monitor

A vulnerability was found in code-projects Library System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13574 LOW POC Monitor

A weakness has been identified in code-projects Online Bidding System 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-13586 LOW POC Monitor

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-36150 MEDIUM This Month

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-0007 MEDIUM This Month

Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity,. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-48511 MEDIUM This Month

Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-29933 MEDIUM This Month

Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13466 MEDIUM PATCH This Month

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy