Skip to main content
CVE-2023-53959 HIGH POC This Week

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Filezilla Client
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-14151 HIGH This Week

Stored XSS in SlimStat Analytics for WordPress allows unauthenticated attackers to inject malicious scripts via unsanitized 'outbound_resource' parameter in slimtrack AJAX action (versions ≤5.3.2). Injected scripts execute when any user accesses the compromised page, enabling session hijacking, credential theft, or privilege escalation. Affects all installations with publicly accessible AJAX endpoints. No public exploit identified at time of analysis.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-1927 HIGH This Week

Authenticated attackers can perform unauthorized state-changing operations in Restajet Online Food Delivery System (all versions through December 19, 2025) by exploiting missing CSRF protections. The vulnerability, disclosed by Turkey's USOM (National Cyber Incident Response Center), carries a CVSS score of 7.1 with high integrity impact, though EPSS modeling indicates only 0.02% exploitation probability (5th percentile). No public exploit identified at time of analysis, and vendor did not respond to disclosure attempts.

CSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy