Skip to main content
CVE-2025-24016 CRITICAL POC KEV PATCH THREAT Act Now

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI that allows remote code execution on Wazuh management servers.

Wazuh Python Deserialization RCE Suse
NVD
CVSS 3.1
9.9
EPSS
93.9%
Threat
7.8
CVE-2025-24200 MEDIUM KEV THREAT This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 44.2%.

Apple Authentication Bypass
NVD
CVSS 3.1
6.1
EPSS
44.2%
Threat
4.0
CVE-2024-46435 HIGH POC This Week

A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Stack Overflow Buffer Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-54954 HIGH POC This Week

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Oneblog
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2025-24970 HIGH POC PATCH This Week

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netty Active Iq Unified Manager Oncommand Insight Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-13011 CRITICAL Act Now

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2025-1160 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Employee Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-46437 MEDIUM POC This Month

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure W18E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1155 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qloapps
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-1159 MEDIUM POC This Month

A vulnerability was found in CampCodes School Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS School Management Software
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-27859 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-11621 HIGH This Week

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Remote Desktop Manager Remote Desktop Manager Powershell +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42512 HIGH PATCH This Week

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ua Net Standard Stack
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-1193 HIGH This Week

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-21693 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21692 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21687 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-57407 HIGH This Week

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-1099 HIGH This Week

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-54658 MEDIUM PATCH This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-25247 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.x up to 4.9.8 and 5.x up to 5.0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Felix Webconsole Red Hat
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2025-1150 LOW POC Monitor

A vulnerability was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-1148 LOW POC Monitor

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-13010 MEDIUM This Month

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-10649 MEDIUM This Month

wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass XSS Denial Of Service
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2024-57178 MEDIUM This Month

An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-25188 MEDIUM PATCH This Month

Hickory DNS is a Rust based DNS client, server, and resolver. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-12243 MEDIUM PATCH This Month

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2024-11831 MEDIUM PATCH This Month

A flaw was found in npm-serialize-javascript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Node.js
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2025-25190 MEDIUM This Month

The ZOO-Project is an open source processing platform. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-25193 MEDIUM PATCH This Month

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Netty Windows Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21691 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-57950 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Linux Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21690 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-12133 MEDIUM PATCH This Month

A flaw in libtasn1 causes inefficient handling of specific certificate data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-1154 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1158 MEDIUM This Month

A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1157 MEDIUM This Month

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24031 MEDIUM PATCH This Month

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Red Hat Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-21688 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL. Rated medium severity (CVSS 4.7).

Google Linux Race Condition Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-8685 MEDIUM This Month

Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-25194 MEDIUM This Month

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-24892 LOW PATCH Monitor

OpenProject is open-source, web-based project management software. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openproject
NVD GitHub
CVSS 3.1
3.5
EPSS
1.3%
CVE-2025-1162 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-25189 MEDIUM This Month

The ZOO-Project is an open source processing platform. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-1156 MEDIUM This Month

A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1002 MEDIUM This Month

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dicom Viewer
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-57177 HIGH This Month

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Ssti
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-1153 LOW POC PATCH Monitor

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-8550 HIGH POC This Month

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agentscope
NVD
CVSS 3.0
7.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy