Skip to main content
CVE-2025-22690 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS.4.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-22688 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS.2.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-22685 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-24371 HIGH PATCH This Month

CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-35177 HIGH POC PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Privilege Escalation RCE Wazuh +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24962 HIGH POC PATCH This Week

reNgine is an automated reconnaissance framework for web applications. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Rengine
NVD GitHub
CVSS 4.0
8.7
EPSS
1.7%
CVE-2025-24960 HIGH This Month

Jellystat is a free and open source Statistics App for Jellyfin. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-24899 HIGH POC PATCH This Month

reNgine is an automated reconnaissance framework for web applications. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Rengine
NVD GitHub
CVSS 4.0
7.1
EPSS
0.5%
CVE-2025-22918 HIGH This Month

Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57451 HIGH POC This Month

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chestnutcms
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-56903 HIGH This Month

Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-56902 HIGH POC THREAT This Month

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
26.5%
CVE-2024-56901 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-56898 HIGH POC This Week

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB GitHub
CVSS 3.1
8.8
EPSS
6.9%
CVE-2025-25064 HIGH This Week

Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 contain a SQL injection in the ZimbraSync Service SOAP endpoint. Authenticated attackers can manipulate a sync parameter to inject arbitrary SQL, extracting email contents, credentials, and mailbox data from the Zimbra database.

SQLi Zimbra Collaboration Suite
NVD
CVSS 3.1
8.8
EPSS
48.3%
CVE-2024-57669 HIGH This Month

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-57452 HIGH POC This Month

ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Chestnutcms
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56921 HIGH POC PATCH This Month

An issue was discovered in Open5gs v2.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-12859 HIGH This Month

The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12511 HIGH This Month

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-57238 HIGH This Month

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-56161 HIGH This Month

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and. Rated high severity (CVSS 7.2). No vendor patch available.

Amd Information Disclosure Jwt Attack Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-49843 HIGH PATCH This Month

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 7800 Firmware Qca6391 Firmware Qcm6125 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49840 HIGH This Month

Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcc2073 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49839 HIGH PATCH This Month

Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +181
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-49838 HIGH PATCH This Month

Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +162
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-49837 HIGH This Month

Memory corruption while reading CPU state data during guest VM suspend. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49834 HIGH PATCH This Month

Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +118
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49833 HIGH PATCH This Month

Memory corruption can occur in the camera when an invalid CID is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8255p Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49832 HIGH PATCH This Month

Memory corruption in Camera due to unusually high number of nodes passed to AXI port. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcs6490 Firmware Video Collaboration Vc3 Platform Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45584 HIGH PATCH This Month

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +118
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45582 HIGH PATCH This Month

Memory corruption while validating number of devices in Camera kernel . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm8550 Firmware Qcs6490 Firmware +29
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45573 HIGH This Month

Memory corruption may occour while generating test pattern due to negative indexing of display ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45571 HIGH PATCH This Month

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Ar8035 Firmware Csr8811 Firmware +148
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45561 HIGH This Month

Memory corruption while handling IOCTL call from user-space to set latency level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45560 HIGH This Month

Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38420 HIGH This Month

Memory corruption while configuring a Hypervisor based input virtual device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +153
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-38418 HIGH PATCH This Month

Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow C V2x 9150 Firmware Csrb31024 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38404 HIGH This Month

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 7800 Firmware Qca6584au Firmware Qca6698aq Firmware +36
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-0015 HIGH This Month

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service 5th Gen Gpu Architecture Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-10395 HIGH PATCH This Month

No proper validation of the length of user input in http_server_get_content_type_from_extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-25066 HIGH PATCH This Month

nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c. Rated high severity (CVSS 8.1), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Ndpi Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-20637 HIGH This Month

In network HW, there is a possible system hang due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2025-20633 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-20632 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-20631 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy