Skip to main content
CVE-2025-69256 HIGH POC PATCH This Week

Command injection in Serverless Framework versions 4.29.0 through 4.29.2 allows remote code execution through the experimental MCP server feature (@serverless/mcp package). Attackers can inject arbitrary shell commands via unsanitized input parameters passed to child_process.exec, achieving RCE under server process privileges. Publicly available exploit code exists (GHSA-rwc2-f344-q6w6). Impact is limited to less than 0.1% of users utilizing the experimental serverless mcp feature. EPSS probability is low at 0.05% (16th percentile).

Command Injection RCE Serverless
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66835 HIGH POC This Week

Local code execution in TrueConf Client 8.5.2 lets an already-authenticated local user run arbitrary code in the context of the victim user by planting a malicious wfapi.dll that the application loads insecurely (CWE-427). Publicly available exploit code exists, but there is no public exploit identified in the sense of active exploitation - it is not listed in CISA KEV and EPSS is low (0.17%, 6th percentile), indicating little observed real-world exploitation activity. The impact is confined to the current user's context (no privilege escalation to SYSTEM claimed).

RCE Trueconf
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-66848 CRITICAL Act Now

Remote command execution in JD Cloud NAS-series routers (AX1800, AX3000, AX6600, BE6500, ER1 and ER2 firmware) allows unauthenticated network attackers to inject and run arbitrary OS commands on the device. The flaw is rated CVSS 9.8 with an unauthenticated network vector, and while no public exploit has been identified, its EPSS of 1.01% (59th percentile) reflects moderate near-term exploitation likelihood. Successful abuse yields full control of the router, making it a pivot point into the internal network.

Code Injection RCE Ax1800 Firmware Ax3000 Firmware Ax6600 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-15256 MEDIUM POC This Month

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2025-52835 CRITICAL Act Now

CSRF vulnerability in WING WordPress Migrator plugin through version 1.2.0 permits unauthenticated attackers to upload web shells to affected WordPress sites by tricking site administrators into visiting a malicious webpage. The vulnerability exploits missing nonce verification in file upload functionality, enabling arbitrary code execution with web server privileges. No public exploit code or active exploitation confirmed at time of analysis.

WordPress CSRF
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-15257 MEDIUM POC This Month

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-15354 MEDIUM POC This Month

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15353 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15263 MEDIUM POC This Month

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Simple Php Cms
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15243 MEDIUM POC This Month

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68990 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-69034 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.

PHP Information Disclosure LFI
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-59129 HIGH This Week

Blind SQL Injection in Appointify WordPress plugin version 1.0.8 and earlier allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying database. The vulnerability enables data extraction and manipulation through time-based or error-based inference techniques without requiring valid credentials or authentication. EPSS score of 0.04% indicates low statistical likelihood of exploitation despite the technical severity of SQL injection.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68987 HIGH This Week

Local file inclusion in Edge-Themes Cinerama WordPress theme versions ≤2.9 enables unauthenticated remote attackers to read arbitrary server files through PHP file inclusion weaknesses. Despite the CVSS critical rating of 9.8, EPSS probability is low (0.17%, 38th percentile) with no public exploit identified at time of analysis. The vulnerability allows server-side file reading which could expose configuration files, credentials, and sensitive data without authentication requirements.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68985 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68984 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68983 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-62753 HIGH This Week

Local file inclusion vulnerability in MadrasThemes MAS Videos WordPress plugin versions up to 1.3.4 allows unauthenticated attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. The vulnerability affects the masvideos plugin and has been tracked by Patchstack with an EPSS score of 0.17% (38th percentile), indicating low exploitation probability despite the presence of information disclosure risk.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-68996 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68036 HIGH This Week

CubeWP framework plugin through version 1.1.27 fails to enforce proper access control checks, allowing attackers to access functionality that should be restricted by access control lists. This authentication bypass vulnerability has low real-world exploitation probability (EPSS 0.05%) but represents a fundamental authorization flaw in the plugin's architecture that could enable privilege escalation or unauthorized feature access depending on implementation context.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-23554 HIGH This Week

Reflected cross-site scripting (XSS) in the Off Page SEO WordPress plugin through version 3.0.3 allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper input neutralization during page generation, enabling attackers to steal session cookies, redirect users, or perform actions on behalf of victims through crafted URLs. No public exploit code has been identified, and the low EPSS score (0.04%) suggests minimal real-world exploitation likelihood despite the moderate theoretical attack surface.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23550 HIGH This Week

Reflected cross-site scripting (XSS) in the Product Puller WordPress plugin through version 1.5.1 allows unauthenticated attackers to inject malicious JavaScript into web pages viewed by other users. The vulnerability stems from improper input sanitization in the plugin's request handling, enabling attackers to craft malicious URLs that execute arbitrary scripts in victim browsers. No public exploit code has been identified, and the EPSS score of 0.04% indicates low exploitation probability in the wild, though the vulnerability remains remotely exploitable without authentication.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23469 HIGH This Week

Reflected XSS in Sleekplan WordPress plugin through version 0.2.0 allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by users. The vulnerability exists in the plugin's input handling during web page generation, enabling attackers to steal session cookies, perform unauthorized actions on behalf of victims, or redirect users to malicious sites. No active exploitation has been confirmed, but the attack vector is network-based with low complexity.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-23458 HIGH This Week

Reflected cross-site scripting (XSS) in the Rakessh Ads24 Lite WordPress plugin (wp-ad-management) up to version 1.0 allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper input neutralization during web page generation, enabling attackers to craft malicious URLs that execute arbitrary JavaScript in victims' browsers when visited, potentially compromising user sessions, stealing credentials, or defacing content. No public exploit code or active exploitation has been confirmed at the time of analysis, though the low EPSS score (0.04%) suggests limited real-world exploitation likelihood despite the straightforward attack vector.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-59131 HIGH This Week

WP-CalDav2ICS WordPress plugin through version 1.3.4 contains a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS attacks. The vulnerability allows unauthenticated attackers to craft malicious requests that, when executed by a logged-in administrator or user, inject persistent malicious scripts into the plugin's stored data. This combined CSRF+XSS chain can lead to persistent compromise of the WordPress site through script injection.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-15244 LOW POC Monitor

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.

Information Disclosure Race Condition Phpems
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-68974 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.

WordPress LFI PHP Information Disclosure
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-68040 MEDIUM This Month

WP Project Manager plugin through version 3.0.1 exposes sensitive information in sent data due to improper information handling, allowing attackers to retrieve embedded sensitive data without authentication. The vulnerability affects all installations of the weDevs plugin and has been identified with an extremely low EPSS score (0.05%, 14th percentile), suggesting minimal practical exploitation likelihood despite the information disclosure classification.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66103 MEDIUM This Month

DOM-based cross-site scripting (XSS) in WPCal.io WordPress plugin versions 0.9.5.9 and earlier allows attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper neutralization of user input during web page generation, enabling attackers to execute arbitrary JavaScript in the context of affected websites. No CVSS score is available, but the EPSS score of 0.04% (14th percentile) indicates low practical exploitation likelihood despite the XSS vector being a common attack class.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66094 MEDIUM This Month

Stored cross-site scripting (XSS) in Yada Wiki WordPress plugin through version 3.5 allows authenticated users to inject malicious scripts that execute in the browsers of other site visitors. The vulnerability stems from improper input sanitization during web page generation, enabling persistent XSS attacks that could compromise site integrity, steal credentials, or perform actions on behalf of administrators. EPSS exploitation probability is very low at 0.04%, but the stored nature of the vulnerability means injected payloads persist across sessions.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64190 MEDIUM This Month

DOM-based cross-site scripting (XSS) in 8theme XStore Core plugin (et-core-plugin) versions below 5.6 allows attackers to inject malicious scripts that execute in users' browsers during web page generation. The vulnerability affects WordPress installations using the vulnerable plugin, and while no CVSS score was assigned, the extremely low EPSS score (0.04%) suggests minimal real-world exploitation likelihood despite the XSS classification.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63027 MEDIUM This Month

Stored cross-site scripting (XSS) in webcreations907 WBC907 Core WordPress plugin versions up to 3.4.1 allows attackers to inject and execute malicious JavaScript that persists in the application, potentially compromising users who view affected pages. The vulnerability stems from improper input neutralization during web page generation. No public exploit code or active exploitation has been identified at the time of analysis, though the attack vector and complexity depend on the specific injection point within the plugin.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62746 MEDIUM This Month

Stored cross-site scripting (XSS) in CodeFlavors Featured Video for WordPress (VideographyWP) plugin version 1.0.18 and earlier allows authenticated attackers to inject malicious scripts that execute in the browsers of other site users, potentially compromising administrator accounts and site integrity. The vulnerability stems from improper input sanitization during web page generation, and no public exploit code has been identified at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69017 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Magnigenie RestroPress WordPress plugin through version 3.2.8.4 allows authenticated users with low privileges to inject malicious scripts that execute in the browsers of other site visitors, potentially compromising session tokens, stealing sensitive data, or defacing content. The vulnerability requires user interaction (UI:R) and affects only authenticated attackers (PR:L), limiting immediate exploitation risk despite the moderate CVSS score of 6.5. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68499 MEDIUM This Month

DOM-based cross-site scripting (XSS) in Crocoblock JetTabs WordPress plugin versions up to 2.2.12 allows attackers to inject malicious scripts that execute in users' browsers when viewing affected pages. The vulnerability stems from improper input neutralization during web page generation, enabling stored or reflected XSS attacks without requiring authentication. With an EPSS score of 0.04% (14th percentile), exploitation likelihood is very low despite the publicly documented vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68498 MEDIUM This Month

Missing authorization in Crocoblock JetTabs WordPress plugin version 2.2.12 and earlier allows unauthenticated or low-privileged attackers to bypass access control restrictions and exploit misconfigured security levels. The vulnerability stems from improper validation of user permissions before executing sensitive operations, potentially enabling unauthorized access to restricted plugin functionality or data.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69024 MEDIUM This Month

Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.

WordPress Authentication Bypass Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68991 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68978 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68977 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15254 LOW POC Monitor

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Tenda Command Injection W6 S Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.9%
CVE-2025-15357 LOW POC Monitor

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Command Injection D-Link Di 7400G Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15212 LOW POC Monitor

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15220 LOW POC Monitor

Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows remote attackers to inject malicious scripts via the LoginController initialization function, requiring user interaction to execute. The vulnerability has a public exploit available but represents low real-world risk due to CVSS 2.1 score, minimal EPSS exploitation probability (0.04%), and the requirement for user click-through. The vendor has not responded to early disclosure through a GitHub issue.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15211 LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to manipulate refNo, Fname, Lname, sex, age, contact, and nationality_nid parameters in /home/refugee.php, enabling unauthorized database query execution with limited confidentiality and integrity impact. The vulnerability requires login credentials (PR:L), has publicly available exploit code, and carries a low CVSS score (2.1) despite active proof-of-concept publication, indicating minimal real-world risk due to authentication barrier and restricted impact scope.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15210 LOW POC Monitor

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15213 LOW POC Monitor

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

PHP Information Disclosure Student File Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15245 LOW POC Monitor

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

D-Link Path Traversal Dcs 850L Firmware
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15219 LOW POC Monitor

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15360 LOW POC Monitor

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Java Authentication Bypass File Upload Newbee Mall Plus
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy