Skip to main content
CVE-2025-24443 HIGH This Week

Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24442 HIGH This Week

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24441 HIGH This Week

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24440 HIGH This Week

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24439 HIGH This Week

Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27172 HIGH This Week

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21169 HIGH This Week

Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. [CVSS 7.8 HIGH]

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23402 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-9157 HIGH This Week

CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers is affected by improper access control (CVSS 7.8).

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27438 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23401 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23400 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23399 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23398 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23397 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23396 HIGH This Week

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-45328 HIGH This Week

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. [CVSS 7.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-2169 HIGH This Week

WordPress Currency Switcher Professional versions up to 1.2.0.4. is affected by code injection (CVSS 7.3).

WordPress PHP
NVD
CVSS 3.1
7.3
EPSS
1.9%
CVE-2025-26634 HIGH This Week

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. [CVSS 7.5 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-24043 HIGH PATCH This Week

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network. [CVSS 7.5 HIGH]

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-48790 HIGH CERT-EU This Week

through 7.2.1 and 7.1.0 versions up to 7.1.1 is affected by cross-site request forgery (csrf) (CVSS 7.5).

Fortinet
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-54084 HIGH This Week

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. [CVSS 7.5 HIGH]

Race Condition RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-25003 HIGH This Week

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2025-24998 HIGH This Week

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2025-26631 HIGH This Week

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-2176 HIGH PATCH This Week

A vulnerability classified as critical has been found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-2177 HIGH PATCH This Week

A vulnerability classified as critical was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 7.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-27394 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27393 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27392 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-24994 HIGH This Week

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Windows
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-23242 HIGH This Week

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. [CVSS 7.3 HIGH]

Denial Of Service Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-25748 HIGH This Week

gestione_utenti.php endpoint of HotelDruid 3.0.7 is affected by cross-site request forgery (csrf) (CVSS 7.3).

PHP
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-12010 HIGH This Week

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-12009 HIGH This Week

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-11253 HIGH This Week

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-27395 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]

Path Traversal Siemens
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-54018 HIGH This Week

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-45324 HIGH CERT-EU This Week

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attac...

Fortinet
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-25008 HIGH This Week

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. [CVSS 7.1 HIGH]

Windows
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23360 HIGH This Week

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. [CVSS 7.1 HIGH]

Path Traversal
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-28905 HIGH This Week

Stored cross-site scripting in Featured Posts Grid WordPress plugin (versions up to 1.7) allows remote attackers to inject malicious scripts that execute in administrator browsers. Patchstack reporting indicates this is a CSRF-to-Stored-XSS chain, meaning attackers can trick authenticated administrators into unknowingly storing malicious payloads. EPSS probability is low (0.09%, 26th percentile) with no CISA KEV listing, indicating targeted rather than widespread exploitation risk. The Changed scope (S:C) in CVSS vector indicates the vulnerability can affect resources beyond the vulnerable component's security scope.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-28895 HIGH This Week

Stored cross-site scripting (XSS) in the Custom top bar WordPress plugin versions up to 2.0.2 allows remote attackers to inject malicious scripts that execute in victim browsers when they view affected pages. The vulnerability is exploitable via network access without authentication but requires user interaction (victim visiting a page with injected payload). EPSS score of 0.09% (26th percentile) indicates low probability of mass exploitation at time of analysis. Patchstack reporting suggests this may be chained with CSRF based on reference URL pattern, though not explicitly confirmed in the CVE description.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-0150 HIGH This Week

Incorrect behavior order in some Zoom Workplace App versions up to 6.3.0 contains a vulnerability that allows attackers to an authenticated user to conduct a denial of service via network access (CVSS 7.1).

Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-28933 HIGH This Week

CSRF vulnerability in the MaxA/B WordPress plugin (versions ≤2.2.2) chains into stored cross-site scripting, allowing remote attackers to inject malicious scripts into the WordPress admin interface via social engineering. The vulnerability requires user interaction (administrator must be tricked into visiting an attacker-controlled page while authenticated) but requires no authentication by the attacker. EPSS probability is low (0.05%, 14th percentile) indicating minimal observed exploitation attempts. No CISA KEV listing or public POC identified at time of analysis, suggesting limited real-world targeting.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28932 HIGH This Week

Stored XSS via CSRF in Insert Code WordPress plugin versions through 2.4 allows unauthenticated remote attackers to inject malicious scripts by tricking authenticated administrators into executing forged requests. The CSRF weakness (CWE-352) enables attackers to bypass normal access controls and store XSS payloads in the plugin's code insertion functionality. With CVSS 7.1 (High) and changed scope (S:C), successful exploitation impacts confidentiality, integrity, and availability across security boundaries. EPSS score of 0.05% (14th percentile) indicates low probability of mass exploitation, and no public exploit code or CISA KEV listing identified at time of analysis.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28931 HIGH This Week

Stored cross-site scripting (XSS) in DevriX Hashtags WordPress plugin 0.3.2 and earlier allows remote attackers to inject malicious scripts via CSRF-chained attack. Unauthenticated attackers can trick authenticated administrators into executing malicious requests that persist XSS payloads in the application. EPSS score of 0.05% (14th percentile) indicates low automated exploitation likelihood despite network attack vector. No active exploitation confirmed via CISA KEV, though publicly available exploit code exists. Scope change in CVSS vector indicates malicious script executes in victim's browser context, enabling session hijacking or privilege escalation.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28925 HIGH This Week

Stored cross-site scripting (XSS) in WordPress plugin WATI Chat and Notification versions through 1.1.2 can be triggered via CSRF attack, enabling attackers to inject persistent malicious scripts into the WordPress site. The vulnerability requires user interaction from an authenticated administrator but no direct authentication by the attacker, allowing scope change (S:C) that affects resources beyond the vulnerable component. EPSS score of 0.05% (14th percentile) indicates low current exploitation probability. Reported by Patchstack security research team, no CISA KEV listing or public POC identified at time of analysis.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28923 HIGH This Week

Cross-site scripting (stored XSS) via CSRF in No Disposable Email WordPress plugin through version 2.5.1 allows remote attackers to inject malicious scripts into the site's database. An attacker tricks an authenticated administrator into submitting a crafted request, which bypasses CSRF protections and stores XSS payload that executes when other users access affected pages. EPSS score of 0.05% (14th percentile) indicates low probability of widespread exploitation, with no active exploitation (not in CISA KEV) or public POC identified at time of analysis.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-28922 HIGH This Week

CSRF vulnerability in the Go To Top WordPress plugin through version 0.0.8 enables attackers to store malicious JavaScript via cross-site request forgery. An authenticated administrator or privileged user can be tricked into executing a forged request that injects persistent XSS payloads into the plugin's settings or content areas. The CVSS score of 7.1 reflects changed scope and multi-step exploitation requirements (CSRF leading to stored XSS). EPSS score of 0.05% (14th percentile) indicates very low probability of mass exploitation, consistent with a targeted attack against WordPress administrators requiring social engineering.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy