Skip to main content
CVE-2025-14746 LOW POC Monitor

Improper authentication in Ningyuanda TC155 firmware version 57.0.2.0 allows unauthenticated RTSP Live Video Stream access from within the local network. The vulnerability, classified as an authentication bypass (CWE-287), requires no user interaction and can be exploited with low complexity. Publicly available exploit code exists, though active exploitation has not been confirmed via CISA KEV. EPSS score of 0.16% indicates low real-world exploitation likelihood despite the disclosure and POC availability, suggesting limited attacker interest or access constraints.

Authentication Bypass Tc155 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-14748 LOW POC Monitor

Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF Device Management Service allows unauthenticated local network attackers to trigger a factory reset by manipulating the FactoryDefault argument with 'Hard' input, resulting in information disclosure and configuration loss. Publicly available exploit code exists; vendor has not responded to disclosure attempts.

Information Disclosure Tc155 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14747 LOW POC Monitor

Denial of service in Ningyuanda TC155 firmware 57.0.2.0 via malformed RTSP requests to an unauthenticated RTSP service allows local network attackers to crash or degrade the device without authentication. Publicly available exploit code exists; the vendor did not respond to early disclosure notification. CVSS score of 2.1 reflects the low severity due to limited attack surface (local network only) and availability impact alone, but real-world risk depends on device deployment context and exposure to untrusted local networks.

Denial Of Service Tc155 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14731 LOW POC Monitor

Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.

PHP Information Disclosure Ctcms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14749 LOW POC Monitor

Improper access controls in Ningyuanda TC155 firmware 57.0.2.0 ONVIF PTZ Control Interface (/onvif/device_service) allow unauthenticated local network attackers to gain unauthorized access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the vendor has not responded to disclosure efforts despite early contact.

Information Disclosure Tc155 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-54004 LOW Monitor

Missing authorization in WCFM - Frontend Manager for WooCommerce through version 6.7.24 allows authenticated users with limited privileges to bypass access controls via incorrectly configured security levels, enabling read-only disclosure of sensitive information. The vulnerability requires user interaction and has a low EPSS score (0.03%, 10th percentile), indicating minimal real-world exploitation probability despite the authentication requirement.

WordPress Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-14780 LOW Monitor

SQL injection in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 allows authenticated remote attackers to manipulate the filter parameter in the /dishtrade/dish_trade_detail_get endpoint, resulting in limited confidentiality and integrity impact. Public exploit code exists; however, the CVSS score of 2.1 and EPSS percentile of 16% indicate low real-world exploitation probability despite authenticated network accessibility, suggesting the vulnerability may require specific application knowledge or platform-dependent conditions to achieve meaningful impact.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy