Skip to main content
CVE-2025-27363 HIGH KEV PATCH THREAT Act Now

Arbitrary code execution in FreeType 2.13.0 and earlier via heap buffer overflow when parsing TrueType GX/variable font subglyph structures. Confirmed actively exploited in the wild (CISA KEV). Attack requires high complexity but no authentication, affecting widespread deployments including Android, Debian, and applications embedding FreeType for font rendering. EPSS score of 76.15% (99th percentile) reflects significant real-world exploitation risk. Vendor patches available; immediate upgrade to post-2.13.0 versions critical.

Buffer Overflow RCE Memory Corruption
NVD
CVSS 3.1
8.1
EPSS
76.2%
Threat
5.4
CVE-2025-1661 CRITICAL POC PATCH THREAT Act Now

The HUSKY Products Filter Professional for WooCommerce plugin through version 1.3.6.5 contains a critical Local File Inclusion vulnerability via the template parameter of the woof_text_search AJAX action. Unauthenticated attackers can include and execute arbitrary PHP files, leading to remote code execution on any WordPress site with the plugin.

WordPress PHP RCE
NVD
CVSS 3.1
9.8
EPSS
91.4%
Threat
6.2
CVE-2025-24054 MEDIUM POC KEV THREAT This Month

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM] [CISA KEV - actively exploited]

Windows Microsoft
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
11.9%
Threat
4.7
CVE-2025-26633 HIGH POC KEV THREAT Act Now

A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%.

Authentication Bypass Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
7.1%
Threat
4.6
CVE-2025-24071 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM]

Windows Microsoft
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
57.7%
Threat
4.5
CVE-2025-24985 HIGH POC KEV PATCH THREAT Act Now

An integer overflow in the Windows Fast FAT Driver allows unauthenticated local code execution through crafted FAT filesystem images. KEV-listed with public PoC, this vulnerability (CVE-2025-24985) can be triggered by mounting a malicious USB drive or VHD file, making it a potent vector for physical access attacks and social engineering scenarios.

Windows
NVD
CVSS 3.1
7.8
EPSS
1.1%
Threat
4.6
CVE-2024-54085 CRITICAL KEV THREAT Emergency

A critical authentication bypass in AMI SPx BMC firmware allows unauthenticated remote attackers to gain full control of server hardware through the Redfish Host Interface. This KEV-listed vulnerability (CVSS 9.8) threatens the entire server fleet of organizations using AMI-based BMC implementations, enabling attackers to persist below the OS layer where traditional security tools cannot detect them.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2025-24201 CRITICAL KEV PATCH THREAT Act Now

A critical out-of-bounds write in WebKit's rendering engine allows maliciously crafted web content to escape the Web Content sandbox, achieving native code execution on Apple devices. Rated CVSS 10.0 and KEV-listed, CVE-2025-24201 is a supplementary fix for a previously patched vulnerability that was being actively exploited in extremely sophisticated targeted attacks. Affects all Apple platforms: iOS, iPadOS, macOS, Safari, visionOS, and watchOS.

Apple Memory Corruption Buffer Overflow
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-24993 HIGH KEV THREAT Act Now

A heap-based buffer overflow in the Windows NTFS driver allows unauthenticated local code execution, providing kernel-level access when a user mounts a crafted NTFS filesystem image. This KEV-listed vulnerability (CVE-2025-24993) targets the most widely used Windows filesystem, making it a significant threat through malicious USB drives, VHD files, or network shares.

Windows Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2025-24983 HIGH KEV PATCH THREAT Act Now

A use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables local privilege escalation from authorized user to SYSTEM level. This KEV-listed vulnerability (CVE-2025-24983) requires the attacker to win a race condition but has been actively exploited in targeted attacks. Microsoft has released patches for all supported Windows versions.

Linux Windows
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2025-24991 MEDIUM KEV THREAT This Month

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. [CVSS 5.5 MEDIUM] [CISA KEV - actively exploited]

Windows
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2025-24984 MEDIUM KEV PATCH THREAT Act Now

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. [CVSS 4.6 MEDIUM] [CISA KEV - actively exploited]

Windows Microsoft
NVD
CVSS 3.1
4.6
EPSS
5.0%
CVE-2025-1550 CRITICAL POC PATCH GHSA Act Now

Keras Model.load_model can execute arbitrary code even with safe_mode=True by manipulating the config.json inside a .keras archive. An attacker can specify arbitrary Python modules and functions to be loaded during model deserialization. PoC available, patch available.

Python Red Hat RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2025-28915 CRITICAL Act Now

ThemeEgg ToolKit plugin for WordPress (through 1.2.9) allows authenticated administrators to upload web shells via unrestricted file upload. The scope change makes this critical despite requiring admin privileges, as it enables OS-level code execution beyond the WordPress application.

File Upload
NVD
CVSS 3.1
9.1
EPSS
22.7%
CVE-2025-25928 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. [CVSS 8.0 HIGH]

CSRF RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-25680 HIGH POC This Week

tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability is affected by code injection (CVSS 7.7).

RCE
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-24076 HIGH POC This Week

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Windows
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
1.6%
CVE-2024-51321 HIGH POC This Week

In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. [CVSS 7.6 HIGH]

Open Redirect
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-51319 HIGH POC This Week

the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 is affected by php remote file inclusion (CVSS 7.3).

RCE
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-25749 HIGH POC This Week

HotelDruid version 3.0.7 and earlier fails to enforce strong password requirements, allowing users to create weak passwords that are easily guessable. This affects anyone using the hotel management software, potentially exposing guest data and booking information. An attacker could exploit weak user passwords to gain unauthorized access to the system and compromise sensitive hotel operations and customer information.

RCE
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-13862 HIGH POC This Week

The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [CVSS 7.1 HIGH]

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13836 HIGH POC This Week

The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. [CVSS 7.1 HIGH]

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13574 HIGH POC This Week

The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. [CVSS 7.1 HIGH]

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13864 HIGH POC This Week

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [CVSS 7.1 HIGH]

WordPress XSS
NVD WPScan
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-24070 HIGH POC PATCH This Week

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. [CVSS 7.0 HIGH]

Authentication Bypass .NET Microsoft Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.0
EPSS
0.3%
CVE-2025-25927 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. [CVSS 6.8 MEDIUM]

CSRF RCE
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-27591 MEDIUM POC PATCH This Month

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. [CVSS 6.8 MEDIUM]

Privilege Escalation Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-13853 MEDIUM POC This Month

The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin [CVSS 6.1 MEDIUM]

WordPress XSS
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-26701 CRITICAL Act Now

Percona PMM Server OVA images ship with default service account credentials that grant SSH access and sudo to root, exposing all monitoring data and managed database credentials. The scope change reflects that compromising the monitoring server gives access to all monitored infrastructure.

SSH Privilege Escalation Information Disclosure Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-28906 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow allows Stored XSS. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-56336 CRITICAL Act Now

Siemens SINAMICS S200 drives with specific serial number prefixes contain an unlocked bootloader that allows attackers to inject malicious firmware. This bypasses the device's intrinsic security features, enabling persistent compromise of industrial drive systems.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-2193 MEDIUM POC This Month

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. [CVSS 5.4 MEDIUM]

Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51322 MEDIUM POC This Month

Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components [CVSS 5.4 MEDIUM]

RCE
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-51320 MEDIUM POC This Month

Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components [CVSS 5.4 MEDIUM]

RCE
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-25747 MEDIUM POC This Month

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint [CVSS 5.4 MEDIUM]

PHP
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-25929 MEDIUM POC This Month

OpenMRS version 2.4.3 contains a reflected XSS vulnerability in its legacy UI quick report feature that allows attackers to inject malicious JavaScript code through the reportType parameter. Users accessing crafted malicious links to the vulnerable /legacyui/quickReportServlet endpoint are affected. An attacker could execute arbitrary JavaScript in a victim's browser to steal session cookies, capture credentials, or perform actions on behalf of the user within the OpenMRS system.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27494 CRITICAL Act Now

Siemens SiPass integrated access control systems (AC5102 ACC-G2 and ACC-AP, before V6.4.9) allow authenticated administrators to escalate to root via command injection in the REST API's pubkey endpoint. While high privileges are required, the scope change enables full system compromise.

Code Injection
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-24051 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-27617 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. versions up to 11.5.4 is affected by sql injection (CVSS 8.8).

RCE SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-24056 HIGH This Week

Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-55590 HIGH This Week

in Fortinet FortiIsolator version 2.4.0 versions up to 2.4.5 is affected by os command injection (CVSS 8.8).

Fortinet
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-26645 HIGH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-1707 HIGH This Week

Review Schema (WordPress plugin) versions up to 2.2.4 is affected by php remote file inclusion (CVSS 8.8).

WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27396 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. [CVSS 8.8 HIGH]

Privilege Escalation Siemens
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27434 HIGH This Week

Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. [CVSS 8.8 HIGH]

RCE XSS
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-26661 HIGH This Week

Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. [CVSS 8.8 HIGH]

Authentication Bypass SAP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-52961 HIGH This Week

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. [CVSS 8.8 HIGH]

Fortinet
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-1828 HIGH PATCH This Week

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. [CVSS 8.8 HIGH]

Windows Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0629 MEDIUM POC This Month

The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). [CVSS 4.8 MEDIUM]

WordPress XSS PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-25925 MEDIUM POC This Month

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. [CVSS 4.8 MEDIUM]

XSS Openmrs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy