Skip to main content
CVE-2025-48633 MEDIUM KEV PATCH THREAT Act Now

CVE-2025-48633 is a security vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed). Vendor patch is available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-65804 MEDIUM POC This Month

Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

Buffer Overflow RCE Stack Overflow Ax3 Firmware Tenda
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65797 MEDIUM POC PATCH This Month

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

Authentication Bypass Denial Of Service Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65231 MEDIUM POC This Month

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.

XSS Instreamer Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-14206 MEDIUM POC This Month

A remote code execution vulnerability in A vulnerability (CVSS 6.5). Risk factors: public PoC available.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-14258 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14257 MEDIUM POC This Month

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14256 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14251 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14250 MEDIUM POC This Month

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14249 MEDIUM POC This Month

A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14248 MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14245 MEDIUM POC This Month

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14226 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14223 MEDIUM POC This Month

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14218 MEDIUM POC This Month

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14217 MEDIUM POC This Month

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14216 MEDIUM POC This Month

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14215 MEDIUM POC This Month

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Microsoft PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14212 MEDIUM POC This Month

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing a manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14211 MEDIUM POC This Month

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing a manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14210 MEDIUM POC This Month

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14209 MEDIUM POC This Month

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-65230 MEDIUM POC This Month

Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.

XSS Instreamer Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-65798 MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-65799 MEDIUM POC PATCH This Month

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Path Traversal Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65796 MEDIUM POC PATCH This Month

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48618 MEDIUM PATCH This Month

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-66461 MEDIUM This Month

A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

Microsoft RCE Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2025-22432 MEDIUM PATCH This Month

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-32319 MEDIUM PATCH This Month

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66326 MEDIUM This Month

Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.

Use After Free Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-48598 MEDIUM PATCH This Month

CVE-2025-48598 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-48631 MEDIUM This Month

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26489 MEDIUM This Month

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Denial Of Service Infinera Mtc 9 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-36015 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

IBM Denial Of Service Controller Cognos Controller
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36140 MEDIUM This Month

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

IBM Denial Of Service Watsonx.Data
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14255 MEDIUM This Month

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

SQLi Vitalsesp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14254 MEDIUM This Month

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

SQLi Vitalsesp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59391 MEDIUM PATCH This Month

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Buffer Overflow Information Disclosure Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64650 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36017 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

IBM Information Disclosure Controller
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64497 MEDIUM PATCH This Month

Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66325 MEDIUM This Month

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-62408 MEDIUM PATCH This Month

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Use After Free Memory Corruption Denial Of Service C Ares Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-14207 MEDIUM This Month

A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-48622 MEDIUM PATCH This Month

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48610 MEDIUM PATCH This Month

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48601 MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48569 MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy