Skip to main content
CVE-2025-66423 HIGH POC PATCH This Week

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Trytond
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-13615 CRITICAL Act Now

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13786 MEDIUM POC This Month

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13788 MEDIUM POC This Month

A vulnerability has been found in Chanjet CRM up to 20251106. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13787 MEDIUM POC This Month

A flaw has been found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zentao
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-35028 CRITICAL Act Now

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-66422 MEDIUM POC PATCH This Month

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trytond
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-66424 MEDIUM PATCH This Month

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trytond
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13791 LOW POC Monitor

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13789 LOW POC Monitor

A vulnerability was found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13790 LOW POC Monitor

A vulnerability was determined in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13785 LOW POC Monitor

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13784 LOW POC Monitor

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-13792 MEDIUM This Month

A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Code Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13782 MEDIUM This Month

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-66421 MEDIUM PATCH This Month

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66420 MEDIUM PATCH This Month

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66432 MEDIUM This Month

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-66433 MEDIUM This Month

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. Rated medium severity (CVSS 4.2). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-13783 LOW Monitor

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13793 LOW Monitor

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13795 LOW Monitor

A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy