Skip to main content
CVE-2025-64081 CRITICAL POC Act Now

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.

PHP SQLi Patients Waiting Area Queue Management System
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-61318 CRITICAL POC Act Now

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.

PHP Path Traversal Emlog
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2025-65548 CRITICAL POC PATCH Act Now

A security vulnerability in NUT-14 (CVSS 9.1) that allows cashu tokens. Risk factors: public PoC available.

Information Disclosure Nutshell
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-48626 CRITICAL PATCH Act Now

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27020 CRITICAL Act Now

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Authentication Bypass Infinera Mtc 9 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27019 CRITICAL Act Now

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Authentication Bypass Infinera Mtc 9 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65849 CRITICAL Act Now

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated scraping / bots, not guarantee resistance to determined attackers." The documentation states “the goal is not to provide a secure cryptographic algorithm but to use a proof-of-work mechanism that allows any capable device to decrypt the hidden data.”

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy