Skip to main content
CVE-2025-14580 LOW POC Monitor

Reflected cross-site scripting (XSS) in Qualitor up to version 8.24.73 allows authenticated remote attackers to inject malicious scripts via the cdscript parameter in /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php, exploitable only with user interaction (e.g., clicking a malicious link). While publicly available exploit code exists and the vendor has confirmed and patched the issue, the low CVSS score (2.0) and requirement for both authentication and user interaction significantly limit real-world risk.

PHP XSS Qualitor
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14582 LOW POC Monitor

Unrestricted file upload in campcodes Online Student Enrollment System 1.0 allows high-privileged authenticated users to upload arbitrary files via the userphoto parameter in /admin/index.php?page=user-profile, potentially enabling remote code execution or data exfiltration. Public exploit code is available, though the vulnerability's real-world impact is limited by the requirement for administrative credentials and low CVSS/EPSS scores.

PHP Authentication Bypass File Upload Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10583 LOW Monitor

WP Fastest Cache Premium plugin versions up to 1.7.4 contain a Server-Side Request Forgery (SSRF) vulnerability in the 'get_server_time_ajax_request' AJAX action that allows authenticated Subscriber-level users to send arbitrary web requests originating from the server, potentially enabling reconnaissance and manipulation of internal services. The free version is unaffected. No public exploit code has been identified at time of analysis, with a very low EPSS score of 0.04% indicating minimal real-world exploitation likelihood despite the authenticated attack vector.

WordPress SSRF Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-43518 LOW Monitor

Local privilege escalation in Apple's spellcheck API allows authenticated users to inappropriately access files on macOS, iOS, and related platforms through a logic flaw in access controls. Affected versions include macOS Sonoma 14.x and earlier, macOS Sequoia 15.7.2 and earlier, iOS 18.x and earlier, iPadOS 18.x and earlier, and watchOS 11.x and earlier. This vulnerability requires local access and user-level privileges but carries a low EPSS score (0.01%, percentile 3%) indicating minimal real-world exploitation likelihood at present. No public exploit code or active exploitation has been identified.

Apple iOS macOS Information Disclosure Path Traversal
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43517 LOW Monitor

macOS logging system fails to redact protected user data from log entries, allowing local authenticated applications to access sensitive information through log files across Sequoia, Sonoma, and Tahoe versions. Apple addressed this privacy issue by improving data redaction mechanisms in patched versions (macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (3rd percentile), indicating minimal real-world risk despite local attack vector.

Apple macOS Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43516 LOW Monitor

Session fixation in macOS Voice Control allows authenticated local users to transcribe another user's activity on the same system, disclosing sensitive information without user interaction. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe and is fixed in versions 15.7.3, 14.8.3, and 26.2 respectively. Real-world risk is minimal due to low EPSS (0.01%), requirement for local access and prior authentication, and the need for Voice Control to be explicitly enabled.

Apple macOS Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43522 LOW Monitor

Intel-based Mac computers running macOS Sequoia prior to 15.7.3 or macOS Tahoe prior to 26.2 are vulnerable to a cryptographic downgrade attack that allows unprivileged local applications to bypass code-signing restrictions and access sensitive user data. The vulnerability exploits inadequate validation of signed components, enabling information disclosure through JWT or similar signed-data attacks. Active exploitation has not been confirmed, and the extremely low EPSS score (0.01%) indicates minimal real-world exploitation risk despite the local attack vector.

Apple macOS Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43532 LOW Monitor

Memory corruption in Apple operating systems due to insufficient bounds checking allows local authenticated users to cause denial of service through malicious data processing, affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability requires local access and user interaction, with no public exploit identified; EPSS score of 0.02% indicates minimal real-world exploitation probability despite the assigned CVSS score of 2.8.

Apple iOS macOS Memory Corruption Denial Of Service
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-43410 LOW Monitor

Improper cache handling in macOS allows attackers with physical access to recover deleted notes from memory. The vulnerability affects macOS Sequoia (before 15.7.2), macOS Sonoma (before 14.8.2), and macOS Tahoe (before 26.2), exposing sensitive user data through inadequate data sanitization. No public exploit code has been identified, and the extremely low EPSS score (0.02%) reflects the requirement for physical device access, making real-world exploitation unlikely outside of targeted scenarios involving stolen or temporarily compromised hardware.

Apple macOS Information Disclosure
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-14568 LOW Monitor

SQL injection in haxxorsid Stock-Management-System up to commit fbbbf213e9c93b87183a3891f77e3cc7095f22b0 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the employee_id, id, or admin parameters in model/User.php. The vulnerability has a low CVSS score (2.1) due to limited scope and impact, but carries low but non-zero exploitation probability (EPSS 0.05%). Public exploit code exists and the product is no longer maintained, eliminating vendor-supplied patch availability.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14569 LOW Monitor

Use-after-free vulnerability in whisper.cpp up to version 1.8.2 affects the read_audio_data function in common-whisper.cpp, allowing local authenticated attackers to trigger memory corruption with limited confidentiality and integrity impact. The flaw requires local access and valid user privileges on the system, with publicly available exploit code currently circulating; however, the extremely low EPSS score (0.03%, 7th percentile) and minimal CVSS severity (1.9) suggest limited real-world exploitability despite public proof-of-concept availability.

Buffer Overflow Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy