Skip to main content
CVE-2025-15005 LOW POC Monitor

CouchCMS versions up to 2.4 use hard-coded cryptographic keys in the reCAPTCHA handler configuration, allowing remote attackers with high complexity to conduct information disclosure attacks against the reCAPTCHA mechanism. The vulnerability stems from improper handling of K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY parameters in couch/config.example.php, and publicly available exploit code exists, though real-world exploitation probability remains low (EPSS 0.06%).

PHP Information Disclosure Couchcms
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-15009 LOW POC Monitor

ChestnutCMS up to version 1.5.8 allows authenticated remote attackers to upload arbitrary files by manipulating the File argument in the FilenameUtils.getExtension function of the /dev-api/common/upload endpoint. The vulnerability bypasses filename extension validation in the Filename Handler component, enabling unrestricted file uploads with low integrity and confidentiality impact. Publicly available exploit code exists; however, the low EPSS score (0.06%) and requirement for prior authentication significantly limit real-world exploitation risk compared to the CVSS base score.

Authentication Bypass File Upload Chestnutcms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15004 LOW POC Monitor

SQL injection in DedeCMS up to version 5.7.118 via the orderby parameter in /freelist_main.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. Publicly available exploit code exists and the vulnerability requires valid user authentication (PR:L) to exploit, significantly limiting real-world risk despite network accessibility.

PHP SQLi Dedecms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15003 LOW POC Monitor

SQL injection in SeaCMS up to version 13.3 via the e_id parameter in admin_video.php allows authenticated high-privilege attackers to execute arbitrary SQL queries and manipulate database content. The vulnerability requires administrative credentials, limiting real-world impact despite public exploit availability. EPSS score of 0.05% reflects the high privilege requirement needed for exploitation.

PHP SQLi Seacms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15013 LOW Monitor

Stack-based buffer overflow in sokol_gfx.h function _sg_validate_pipeline_desc allows local authenticated attackers to corrupt stack memory with limited confidentiality and integrity impact. The vulnerability affects sokol up to commit 5d11344150973f15e16d3ec4ee7550a73fb995e0, with patch commit b95c5245ba357967220c9a860c7578a7487937b0 available. Publicly available exploit code exists, though EPSS exploitation probability remains very low at 0.03%, indicating limited real-world attack surface.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy