Skip to main content
CVE-2025-65112 CRITICAL POC Act Now

PubNet is a self-hosted Dart & Flutter package service. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Pubnet
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2025-66216 CRITICAL POC PATCH Act Now

AIS-catcher is a multi-platform AIS receiver. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ais Catcher
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-66217 HIGH POC PATCH This Week

AIS-catcher is a multi-platform AIS receiver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow RCE Heap Overflow Ais Catcher
NVD GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2025-66201 HIGH POC This Week

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Librechat
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-66027 HIGH POC PATCH This Week

Rallly is an open-source scheduling and collaboration tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Rallly
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-66219 MEDIUM POC This Month

willitmerge is a command line tool to check if pull requests are mergeable. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Willitmerge
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-65113 MEDIUM POC PATCH This Month

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Clipbucket
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66034 MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available.

RCE Python Fonttools Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-65540 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xmall
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-61915 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cups Red Hat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-58436 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Cups Red Hat Suse
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66224 CRITICAL Act Now

OrangeHRM is a comprehensive human resource management (HRM) system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Orangehrm
NVD GitHub
CVSS 4.0
9.0
EPSS
0.1%
CVE-2025-66289 HIGH This Week

OrangeHRM is a comprehensive human resource management (HRM) system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Orangehrm
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-66225 HIGH This Week

OrangeHRM is a comprehensive human resource management (HRM) system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orangehrm
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-66223 HIGH This Week

OpenObserve is a cloud-native observability platform. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-53899 HIGH PATCH This Week

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-53896 HIGH PATCH This Week

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-53897 MEDIUM PATCH This Month

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-53900 MEDIUM PATCH This Month

Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kiteworks Managed File Transfer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66221 MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug Windows Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-53939 MEDIUM PATCH This Month

Kiteworks is a private data network (PDN). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kiteworks
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-65892 MEDIUM This Month

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Krpano
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66036 MEDIUM This Month

Retro is an online platform providing items of vintage collections. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66291 MEDIUM PATCH This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Orangehrm
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-66290 MEDIUM This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orangehrm
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-64715 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Cilium Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-6666 LOW Monitor

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
0.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy