Skip to main content
CVE-2025-14955 LOW POC PATCH Monitor

Improper initialization in the PFCP handler function ogs_pfcp_handle_create_pdr within Open5GS up to version 2.7.5 allows remote attackers to trigger information disclosure with high attack complexity. The vulnerability has a publicly available proof-of-concept and carries a very low EPSS score (0.15%), indicating minimal real-world exploitation probability despite public availability of exploit code. CVSS 2.9 reflects the limited technical impact (availability of confidentiality only), but the high complexity and resource requirements make practical attacks difficult.

Information Disclosure Open5gs
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-14954 LOW POC PATCH Monitor

Reachable assertion in Open5GS up to version 2.7.6 affects the PFCP context management functions (PDR, FAR, URR, QER) in lib/pfcp/context.c, allowing remote attackers to trigger a denial of service condition via crafted PFCP messages. The vulnerability requires high attack complexity and has low availability impact, but publicly available exploit code exists. CVSS 2.9 / EPSS 0.14% indicates low real-world exploitation probability despite public POC.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-14908 LOW POC PATCH Monitor

Authentication bypass in JeecgBoot up to version 3.9.0 allows authenticated remote attackers to manipulate tenant ID arguments in the SysTenantController, resulting in improper authentication checks that grant unauthorized access to other tenants' data. The vulnerability has a low CVSS score of 2.1 but publicly available exploit code exists, suggesting active researcher interest despite minimal real-world impact signals (EPSS 0.32%, low severity scope). Exploitation requires prior authentication and produces only limited information disclosure within the multi-tenant architecture.

Java Authentication Bypass Jeecg Boot
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-14909 LOW POC PATCH Monitor

JeecgBoot versions up to 3.9.0 allow authenticated remote attackers to manipulate user session management through the SysUserOnlineController, resulting in unauthorized session access with low availability impact. Public exploit code is available, though the CVSS score of 2.1 reflects limited real-world risk due to the requirement for authenticated access and minimal impact scope. Active exploitation has not been confirmed in CISA KEV, and the EPSS score of 0.13% indicates low probability of widespread exploitation despite public POC availability.

Information Disclosure Java Jeecg Boot
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14910 LOW POC Monitor

Path traversal in the FTP daemon service of Edimax BR-6208AC firmware version 1.02 allows authenticated remote attackers to access files outside the intended FTP directory via crafted FTP commands to the handle_retr function. The device is discontinued and unsupported; exploit code is publicly available. While CVSS score is low (2.1) and EPSS indicates minimal exploitation likelihood (0.12%), the vulnerability is real for the small population still using this legacy hardware.

Path Traversal Br 6208ac Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14962 LOW POC Monitor

Stored cross-site scripting (XSS) in Simple Stock System 1.0 via the /market/chatuser.php endpoint allows remote attackers to inject malicious scripts without authentication. User interaction is required for payload execution. Publicly available exploit code exists; EPSS score of 0.08% indicates low statistical exploitation probability despite XSS classification.

PHP XSS Simple Stock System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-58052 LOW POC Monitor

Galette membership management application versions 0.9.6 through 1.1.x contain an authorization bypass allowing group managers to escalate privileges and modify data beyond their intended role scope. The vulnerability requires authenticated access as a group manager and affects the integrity of membership data and organizational controls. Galette 1.2.0 resolves the issue; affected deployments should upgrade immediately to restore proper role-based access controls.

Authentication Bypass Galette
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-14966 LOW POC Monitor

SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitrary SQL queries via manipulation of the custom/searchField parameter in the selectpage function of the Backend Controller. The vulnerability requires administrator-level privileges and has publicly available exploit code, though the low CVSS score (2.0) and minimal EPSS exploitation probability (0.06%) indicate limited real-world risk despite active disclosure.

PHP SQLi Fastadmin
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14939 LOW POC Monitor

SQL injection in code-projects Online Appointment Booking System 1.0 allows high-privilege remote attackers to manipulate the managername parameter in /admin/deletemanager.php, resulting in limited confidentiality and integrity impact. EPSS score of 0.05% and CVSS 2.0 reflect the high privilege requirement (PR:H), which severely constrains real-world exploitability despite public POC availability.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14899 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to inject malicious SQL via the /admin/stateadd.php endpoint, potentially compromising database integrity and confidentiality. The vulnerability requires administrative privileges to exploit and has a low CVSS score (2.0) due to restricted scope and limited impact, but publicly available exploit code exists. Real-world risk is minimal given the high privilege barrier (PR:H), though organizations running this system should prioritize patching to prevent insider threats.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14898 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to execute arbitrary SQL queries via the /admin/userbuilderdelete.php endpoint. The vulnerability requires authenticated administrator access (CVSS PR:H) and affects only confidentiality and integrity with low impact. Publicly available exploit code exists, though exploitation is limited by the requirement for valid high-privilege credentials and carries low real-world risk due to EPSS score of 0.05% and the attacker profile (malicious insiders with admin accounts).

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14897 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the /admin/useragentdelete.php endpoint. The vulnerability requires administrator credentials but poses risk to systems where admin accounts may be compromised or where privileged users are untrusted. Publicly available exploit code exists, though EPSS indicates low real-world exploitation probability at 0.05%.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14900 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the ID parameter in /admin/userdelete.php. The vulnerability requires administrator access and carries low confidentiality, integrity, and availability impact per CVSS 4.0 scoring. Publicly available exploit code exists, though EPSS scoring (0.01%, percentile 3%) indicates minimal real-world exploitation probability, suggesting the threat is primarily theoretical despite public disclosure.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14956 LOW POC PATCH Monitor

Heap-based buffer overflow in WebAssembly Binaryen up to version 125 within the WasmBinaryReader::readExport function allows local attackers with low privileges to cause limited information disclosure and integrity compromise. The vulnerability requires local access and authenticated privileges but has extremely low real-world exploitability with EPSS score of 0.04% despite publicly available proof-of-concept code, indicating this is a narrow, low-impact issue unlikely to be prioritized in most threat environments.

Buffer Overflow Binaryen
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14958 LOW POC PATCH Monitor

Heap-based buffer overflow in sokol_gfx.h's _sg_pipeline_common_init function allows local authenticated attackers to corrupt memory with low impact on confidentiality, integrity, and availability. Exploitation requires local access and authenticated privileges but no user interaction. Publicly available exploit code exists, though EPSS scoring (0.03%) indicates minimal real-world exploitation probability despite low CVSS score.

Buffer Overflow Sokol
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14957 LOW POC PATCH Monitor

Null pointer dereference in WebAssembly Binaryen up to version 125 allows local authenticated users to cause denial of service by manipulating the Index argument in IRBuilder::makeLocalGet, IRBuilder::makeLocalSet, or IRBuilder::makeLocalTee functions. Public exploit code exists, though real-world impact is minimal given the very low EPSS score (0.03%, 7th percentile) and local-access-only attack vector. This vulnerability is low-severity and unlikely to be prioritized for rapid patching in most environments.

Denial Of Service Binaryen
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-14953 LOW POC PATCH Monitor

Null pointer dereference in Open5GS up to version 2.7.5 allows remote authenticated attackers to cause denial of service by sending manipulated PFCP (Packet Forwarding Control Protocol) packets that trigger improper handling in the FAR-ID handler component. The vulnerability requires high attack complexity and authenticated access, limiting real-world exploitation despite publicly available proof-of-concept code and a low CVSS score of 1.3 reflecting restricted impact scope.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy