Skip to main content
CVE-2018-9373 HIGH This Week

In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-13484 HIGH PATCH This Week

A flaw was found in openshift-gitops-operator-container. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-13509 HIGH PATCH This Week

The WS Form LITE - Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-57519 HIGH POC PATCH This Month

An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-56529 HIGH This Month

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-48310 HIGH This Month

AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57376 HIGH This Week

D-Link DSR series business routers (DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N) with firmware 3.13 through 3.17B901C contain a buffer overflow that allows unauthenticated remote code execution. The entire DSR business router product line is affected.

D-Link Buffer Overflow RCE Dsr 150 Firmware Dsr 150N Firmware +4
NVD
CVSS 3.1
8.8
EPSS
54.3%
CVE-2024-55968 HIGH This Month

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

Authentication Bypass Apple macOS
NVD GitHub
CVSS 3.1
8.8
EPSS
10.5%
CVE-2025-24482 HIGH This Month

A Local Code Injection Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-24481 HIGH This Month

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-40677 HIGH This Month

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40676 HIGH This Month

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-40675 HIGH This Month

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-40672 HIGH This Month

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40670 HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Privilege Escalation Android +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40669 HIGH This Month

In TBD of TBD, there is a possible use after free due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Privilege Escalation Android +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40651 HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40649 HIGH This Month

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34748 HIGH This Month

In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34733 HIGH This Month

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Integer Overflow Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-34732 HIGH This Month

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-24479 HIGH This Month

A Local Code Execution Vulnerability exists in the product and version listed above. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass RCE Windows
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-24478 HIGH This Month

A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-22217 HIGH This Month

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware SQLi
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-0631 HIGH This Month

A Credential Exposure Vulnerability exists in the above-mentioned product and version. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0781 HIGH PATCH This Month

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Simgear Debian Linux Suse
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-23385 HIGH This Month

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Dottrace Etw Host Service Resharper Rider
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23213 HIGH POC PATCH This Week

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Recipes
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2025-23212 HIGH POC PATCH This Month

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Recipes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-23045 HIGH PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
8.7
EPSS
0.9%
CVE-2025-0659 HIGH This Month

A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-0065 HIGH This Month

Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Code Injection Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0752 HIGH This Month

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Request Smuggling Openshift Service Mesh Red Hat
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-11135 HIGH This Month

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Eventer
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-0150 HIGH PATCH This Month

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Nvidia Microsoft +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0146 HIGH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure RCE Nvidia
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-0136 HIGH PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Nvidia Container Toolkit +3
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-0135 HIGH PATCH This Month

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Nvidia Container Toolkit +3
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-22865 HIGH PATCH This Month

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-45340 HIGH PATCH This Month

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45339 HIGH PATCH This Month

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy