Skip to main content
CVE-2025-66301 CRITICAL POC PATCH THREAT Act Now

{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.

Authentication Bypass Grav
NVD GitHub
CVSS 3.1
9.6
EPSS
31.9%
Threat
4.4
CVE-2025-66401 CRITICAL POC PATCH Act Now

MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.

Command Injection Mcp Watch
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-63531 CRITICAL POC Act Now

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

PHP Authentication Bypass SQLi Blood Bank Management System
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-51683 CRITICAL POC Act Now

A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .

SQLi Mjobtime
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-51682 CRITICAL POC Act Now

CVE-2025-51682 is a security vulnerability (CVSS 9.8) that allows an attacker. Risk factors: public PoC available.

Information Disclosure Mjobtime
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63532 CRITICAL POC Act Now

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.

PHP Authentication Bypass SQLi Blood Bank Management System
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-63525 CRITICAL POC Act Now

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.

PHP Authentication Bypass Blood Bank Management System
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-66410 CRITICAL POC PATCH Act Now

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

Path Traversal Gin Vue Admin Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-65836 CRITICAL POC Act Now

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

SSRF Publiccms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-66405 CRITICAL PATCH Act Now

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

SSRF Gateway
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-63535 CRITICAL Act Now

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.

PHP Authentication Bypass SQLi Blood Bank Management System
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-12106 CRITICAL PATCH Act Now

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

Buffer Overflow Ubuntu Debian Openvpn Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-3500 CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.

Privilege Escalation Integer Overflow Microsoft Antivirus Windows
NVD
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy