Skip to main content
CVE-2025-21136 HIGH This Month

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21135 HIGH This Month

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-55945 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-55924 HIGH PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-55923 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-55922 MEDIUM PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55921 HIGH PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE CSRF Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-55920 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-55894 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-55893 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-55892 MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect SSRF Typo3
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-55891 LOW PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
CVE-2024-53263 HIGH PATCH This Month

Git LFS is a Git extension for versioning large files. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-48858 HIGH This Month

Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-23074 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.39.X before 1.39.11, from 1.41.X. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2025-23073 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-23072 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-23042 HIGH POC PATCH GHSA This Week

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Python Apple Gradio +3
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-23041 MEDIUM PATCH This Month

Umbraco.Forms is a web form framework written for the nuget ecosystem. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Umbraco Forms
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-21134 HIGH This Month

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21133 HIGH This Month

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21132 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21131 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21130 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21129 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21128 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21127 HIGH This Month

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21122 HIGH This Month

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56374 MEDIUM PATCH This Month

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Debian Linux Red Hat +1
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2024-52006 LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Node.js Git Debian Linux
NVD GitHub
CVSS 4.0
2.1
EPSS
1.3%
CVE-2024-50349 LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Git Debian Linux
NVD GitHub
CVSS 4.0
2.1
EPSS
1.2%
CVE-2024-50338 HIGH PATCH This Month

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Windows macOS
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-49375 CRITICAL PATCH This Week

Open source machine learning framework. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.0
EPSS
3.3%
CVE-2024-48857 HIGH This Month

NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48856 CRITICAL This Week

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-48855 MEDIUM This Month

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-48854 MEDIUM This Month

Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-23366 MEDIUM PATCH This Month

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hal Management Console Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-23052 HIGH This Month

Authenticated command injection vulnerability in the command line interface of a network management service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-23051 HIGH This Month

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-23025 CRITICAL PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
2.2%
CVE-2025-21607 LOW POC PATCH Monitor

Vyper is a Pythonic Smart Contract Language for the EVM. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 4.0
2.3
EPSS
0.4%
CVE-2025-21417 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21413 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21411 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21409 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21405 HIGH PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-21403 MEDIUM PATCH This Month

On-Premises Data Gateway Information Disclosure Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure On Prem Data Gateway
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-21395 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
Prev Page 2 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy