Skip to main content
CVE-2025-59695 CRITICAL POC Act Now

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

Authentication Bypass Nshield Connect Xc Base Firmware Nshield Connect Xc Mid Firmware Nshield 5c Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65656 CRITICAL POC Act Now

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

PHP LFI Information Disclosure Dcat Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-59693 CRITICAL POC Act Now

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

Privilege Escalation Nshield Connect Xc Base Firmware Nshield 5c Firmware Nshield Connect Xc Mid Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65358 CRITICAL POC Act Now

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

PHP SQLi Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-60736 CRITICAL POC Act Now

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.

PHP SQLi Online Medicine Guide
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-59703 CRITICAL POC Act Now

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

Authentication Bypass Nshield Connect Xc Base Firmware Nshield Hsmi Firmware Nshield 5c Firmware Nshield Connect Xc High Firmware +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-66399 HIGH POC PATCH This Week

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.

Command Injection Ubuntu Debian Cacti Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-13000 HIGH POC This Week

The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks

SQLi WordPress Db Access PHP
NVD WPScan
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-65844 HIGH POC This Week

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary content (including non-image files) which could impersonate user/admin login panels (exfiltrating credentials) and to perform a denial-of-service attack by exhausting disk space.

File Upload Evershop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65877 HIGH POC This Week

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.

Information Disclosure SQLi Lvzhou Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59702 HIGH POC This Week

A privilege escalation vulnerability (CVSS 7.2) that allows a physically proximate attacker with elevated privileges. Risk factors: public PoC available.

Information Disclosure Nshield Connect Xc High Firmware Nshield Connect Xc Base Firmware Nshield 5c Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-59697 HIGH POC This Week

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

Privilege Escalation Nshield Connect Xc Base Firmware Nshield Connect Xc High Firmware Nshield 5c Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-59705 MEDIUM POC This Month

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.

Privilege Escalation Nshield 5c Firmware Nshield Connect Xc High Firmware Nshield Connect Xc Mid Firmware Nshield Hsmi Firmware +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59699 MEDIUM POC This Month

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.

Authentication Bypass Nshield Connect Xc High Firmware Nshield Connect Xc Mid Firmware Nshield 5c Firmware Nshield Connect Xc Base Firmware +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59698 MEDIUM POC This Month

CVE-2025-59698 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure Nshield 5c Firmware Nshield Connect Xc Mid Firmware Nshield Connect Xc Base Firmware Nshield Connect Xc High Firmware +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59694 MEDIUM POC This Month

CVE-2025-59694 is a security vulnerability (CVSS 6.8) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure Nshield Hsmi Firmware Nshield Connect Xc Base Firmware Nshield Connect Xc Mid Firmware Nshield Connect Xc High Firmware +1
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-65657 MEDIUM POC This Month

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

PHP RCE Command Injection File Upload Feehicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58113 MEDIUM POC This Month

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Information Disclosure Buffer Overflow Pdf Xchange Editor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11779 CRITICAL Act Now

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

Command Injection Stack Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2025-63872 MEDIUM POC This Month

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content.

XSS Deepseek
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65881 MEDIUM POC This Month

Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.

PHP XSS Zoo Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65215 MEDIUM POC This Month

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.

PHP XSS Web Based Pharmacy Product Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65186 MEDIUM POC This Month

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-65187 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.

XSS Ubuntu Debian Civicrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-11783 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.

Stack Overflow Buffer Overflow RCE Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-60854 CRITICAL Act Now

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Command Injection R15 Firmware D-Link
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-41742 CRITICAL Act Now

CVE-2025-41742 is a security vulnerability (CVSS 9.8) that allows the attacker. Critical severity with potential for significant impact on affected systems.

Authentication Bypass Sprecon E C Firmware Sprecon E T3 Firmware Sprecon E P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13542 CRITICAL Act Now

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Privilege Escalation WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11786 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Stack Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11785 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11784 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11782 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

Stack Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-58386 CRITICAL Act Now

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.

Authentication Bypass Terminalfour
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11778 CRITICAL Act Now

Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.

Heap Overflow Buffer Overflow Sge Plc50 Firmware Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11788 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Heap Overflow Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11780 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter.

Buffer Overflow Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-41013 CRITICAL PATCH Act Now

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

SQLi Gim
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-65896 CRITICAL GHSA Act Now

SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.

SQLi Asyncmy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-64070 MEDIUM POC This Month

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

XSS Student Grades Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55129 MEDIUM POC This Month

HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.

Information Disclosure Revive Adserver
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2025-13510 CRITICAL Act Now

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-13658 CRITICAL Act Now

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

RCE Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-66409 CRITICAL PATCH Act Now

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Information Disclosure Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-41744 CRITICAL Act Now

CVE-2025-41744 is a security vulnerability (CVSS 9.1) that allows an unprivileged remote attacker. Critical severity with potential for significant impact on affected systems.

Information Disclosure Sprecon E T3 Firmware Sprecon E P Firmware Sprecon E C Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-13872 CRITICAL Act Now

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.

SSRF Opinio
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-13828 CRITICAL PATCH Act Now

CVE-2025-13828 is a security vulnerability (CVSS 9.0). Critical severity with potential for significant impact on affected systems.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.0
EPSS
0.1%
CVE-2025-13827 HIGH PATCH This Week

Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

RCE File Upload
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-11787 HIGH This Week

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.

Command Injection Sge Plc1000 Firmware Sge Plc50 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-12529 HIGH This Week

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable.

PHP WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-13638 HIGH PATCH This Week

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Google Denial Of Service Memory Corruption Use After Free Ubuntu +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy