Skip to main content
CVE-2025-66398 CRITICAL POC PATCH GHSA Act Now

Signal K Server (for boats) before 2.19.0 allows unauthenticated attackers to hijack the backup restore function by polluting the internal restoreFilePath state via the /validateBackup endpoint. This enables overwriting security.json and other critical files to achieve OS command injection.

RCE Signal K Server
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-68620 CRITICAL POC PATCH Act Now

Signal K Server before 2.19.0 exposes two features that chain together to steal JWT tokens without authentication: WebSocket-based request enumeration plus unauthenticated polling of access request status. An attacker can hijack admin sessions remotely. PoC available.

Authentication Bypass Signal K Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-68272 HIGH POC PATCH GHSA This Week

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). [CVSS 7.5 HIGH]

Denial Of Service Signal K Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21428 HIGH POC PATCH This Week

Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack (CVSS 7.5).

Python SSRF Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68619 HIGH POC PATCH This Week

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. [CVSS 7.2 HIGH]

Node.js Github Signal K Server RCE
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-69203 MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 6.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-15410 MEDIUM POC This Month

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15408 MEDIUM POC This Month

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15407 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0544 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15409 MEDIUM POC This Month

Online Guitar Store versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68273 MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15405 MEDIUM POC This Month

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. [CVSS 4.3 MEDIUM]

CSRF Phpems
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-47411 HIGH PATCH This Week

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. [CVSS 8.1 HIGH]

Apache Streampipes
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-48769 HIGH This Week

Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. [CVSS 8.1 HIGH]

Apache Use After Free Nuttx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-11157 HIGH PATCH This Week

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. [CVSS 7.8 HIGH]

Python Kubernetes RCE Deserialization
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-55065 HIGH This Week

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CVSS 7.5 HIGH]

SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48768 MEDIUM This Month

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. [CVSS 6.5 MEDIUM]

Apache Null Pointer Dereference Denial Of Service Nuttx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14627 MEDIUM This Month

The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the `upload_function()` method. [CVSS 6.4 MEDIUM]

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-15404 LOW POC Monitor

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. [CVSS 6.3 MEDIUM]

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15406 LOW POC Monitor

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. [CVSS 6.3 MEDIUM]

Authentication Bypass Online Course Registration
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15415 LOW POC Monitor

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. [CVSS 4.7 MEDIUM]

File Upload Authentication Bypass Wangmarket
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15416 LOW POC Monitor

A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. [CVSS 2.4 LOW]

XSS Wangmarket
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15413 LOW POC Monitor

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. [CVSS 5.3 MEDIUM]

Buffer Overflow Wasm3
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15411 LOW POC Monitor

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. [CVSS 5.3 MEDIUM]

Buffer Overflow Wabt
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15417 LOW POC PATCH Monitor

A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. [CVSS 3.3 LOW]

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15412 LOW POC Monitor

A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. [CVSS 5.3 MEDIUM]

Buffer Overflow Wabt
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-21436 MEDIUM PATCH This Month

Eopkg package manager versions before 4.4.0 fail to enforce the --destdir installation path, allowing malicious packages to write files to arbitrary locations on the host filesystem. An attacker can exploit this by distributing a compromised package that bypasses the intended installation directory, potentially overwriting system files or placing malicious content outside the sandboxed installation path. Users are only at risk if installing packages from untrusted or compromised sources; Solus repository packages are unaffected.

Python Eopkg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21437 MEDIUM PATCH This Month

Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.

Python Eopkg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13820 MEDIUM This Month

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD WPScan
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69413 MEDIUM PATCH This Month

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]

Information Disclosure Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66023 MEDIUM PATCH This Month

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). [CVSS 4.9 MEDIUM]

Use After Free Memory Corruption Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-14428 MEDIUM This Month

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'my_sticky_elements_bulks' function in all versions up to, and including, 2.3.3. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69412 LOW Monitor

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [CVSS 3.4 LOW]

TLS
NVD GitHub
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-15414 LOW Monitor

A flaw has been found in go-sonic sonic versions up to 1.1.4. is affected by server-side request forgery (ssrf) (CVSS 4.7).

SSRF
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-22203 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22202 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22201 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22200 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22199 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22198 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22197 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22196 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22195 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22194 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22193 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22192 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22191 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22190 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22189 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy