Skip to main content
CVE-2024-48248 HIGH POC KEV THREAT Act Now

NAKIVO Backup & Replication contains an absolute path traversal allowing unauthenticated remote attackers to read arbitrary files, including configuration files with cleartext credentials for physical discovery operations.

RCE Path Traversal Backup Replication Director
NVD GitHub
CVSS 3.1
8.6
EPSS
94.0%
Threat
7.5
CVE-2025-22225 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel.

Memory Corruption Buffer Overflow VMware ESXi Cloud Foundation +2
NVD
CVSS 3.1
8.2
EPSS
7.9%
CVE-2025-22226 HIGH KEV THREAT CERT-EU Act Now

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Information Disclosure Buffer Overflow VMware ESXi Cloud Foundation +4
NVD
CVSS 3.1
7.1
EPSS
6.8%
CVE-2025-23368 HIGH POC PATCH This Week

A flaw was found in Wildfly Elytron integration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wildfly Core Data Grid Jboss Enterprise Application Platform
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2020-23438 HIGH POC This Week

Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filmora
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-41147 HIGH POC This Week

An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Miniaudio
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-1937 HIGH POC PATCH This Week

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-25426 HIGH POC This Week

yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yshopmall
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-1899 HIGH POC This Week

A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-1898 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1897 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1896 HIGH POC This Week

A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1895 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-1639 HIGH This Week

The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Arolax PHP
NVD
CVSS 3.1
8.8
EPSS
9.6%
CVE-2025-1930 HIGH PATCH This Week

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Mozilla Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-1306 HIGH PATCH This Week

The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Newscrunch PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-9149 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-1424 HIGH This Week

A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.6.8.3671. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2024-58045 HIGH This Week

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-0359 HIGH This Week

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2024
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2024-58044 HIGH This Week

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-1943 HIGH PATCH This Week

Memory safety bugs present in Firefox 135 and Thunderbird 135. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Mozilla
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-1932 HIGH PATCH This Week

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Mozilla
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-0360 HIGH This Week

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2024
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1259 HIGH This Week

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-1933 HIGH PATCH This Week

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-1931 HIGH PATCH This Week

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Mozilla Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-41719 HIGH This Week

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure iOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1936 HIGH PATCH This Week

jar: URLs retrieve local file content packaged in a ZIP archive. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-58043 HIGH This Week

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-10930 HIGH This Week

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Block Load
NVD
CVSS 4.0
7.1
EPSS
0.8%
CVE-2025-1080 HIGH PATCH This Week

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated high severity (CVSS 7.2), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Red Hat +1
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-1940 HIGH PATCH This Week

A select option could partially obscure the confirmation prompt shown before launching external apps. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-50705 HIGH This Week

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. Rated high severity (CVSS 7.1). No vendor patch available.

CSRF XSS Tripleplay
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy