Skip to main content
CVE-2025-14834 LOW POC Monitor

SQL injection in Simple Stock System 1.0 via the Username parameter in /checkuser.php allows authenticated remote attackers to manipulate database queries with low impact to confidentiality, integrity, and availability. The CVSS 4.0 vector (PR:L) indicates login is required, but an EPSS score of 0.05% and very low CVSS base of 2.1 suggest minimal real-world exploitation risk despite public exploit availability.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-14801 LOW POC Monitor

Reflected cross-site scripting (XSS) in xiweicheng Teamwork Management System up to version 2.28.0 allows high-privilege users to inject malicious scripts via the content parameter in the /admin/blog/comment/create endpoint. The vulnerability requires admin authentication and user interaction (UI:P), limiting real-world risk despite network accessibility. Publicly available exploit code exists, though EPSS scoring (0.06%, 18th percentile) and CVSS 1.9 indicate low actual exploitation probability due to high privilege requirements.

XSS Teamwork Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-46279 LOW Monitor

Installed app enumeration via permissions bypass in Apple operating systems allows a locally authenticated app to discover what other applications a user has installed through insufficient access controls. Affects iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Tahoe 26.1 and earlier, tvOS 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability has a low CVSS score (3.3) with extremely low exploitation probability (EPSS 0.02%) and no public exploit identified at time of analysis.

Apple iOS Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46277 LOW Monitor

Local apps on Apple devices can access a user's Safari browsing history due to insufficient data redaction in system logging, affecting iOS, iPadOS, macOS Tahoe, and watchOS prior to version 26.2. An attacker with local app execution privileges can extract sensitive Safari history from system logs without user interaction. This vulnerability carries a 3.3 CVSS score with minimal real-world exploitation probability (EPSS 0.01%) and no known public exploits.

Apple iOS macOS Information Disclosure Ipados +2
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43531 LOW Monitor

Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.

Apple Safari iOS macOS Race Condition +6
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-14836 LOW Monitor

ZZCMS 2025 stores sensitive user data in cleartext within the User Data Storage Module at /reg/user_save.php, allowing remote attackers with high-level privileges to retrieve unencrypted credentials or personal information from disk. The vulnerability has a published exploit available, though the extremely low EPSS score (0.02%) and requirement for authenticated high-privilege access suggest minimal real-world exploitation risk despite public proof-of-concept availability.

PHP Information Disclosure Zzcms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy