Skip to main content
CVE-2025-27915 MEDIUM POC KEV THREAT This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
5.4
EPSS
22.9%
Threat
4.8
CVE-2025-21590 MEDIUM KEV THREAT This Month

A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: actively exploited (KEV-listed).

Juniper Privilege Escalation
NVD
CVSS 4.0
6.7
EPSS
0.9%
CVE-2025-25291 CRITICAL POC PATCH THREAT CERT-EU Act Now

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

Jwt Attack Authentication Bypass Omniauth Saml Ruby Saml Storagegrid
NVD GitHub
CVSS 4.0
9.3
EPSS
13.8%
CVE-2025-25292 CRITICAL POC PATCH CERT-EU Act Now

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Authentication Bypass Omniauth Saml Ruby Saml Storagegrid
NVD GitHub
CVSS 4.0
9.3
EPSS
4.1%
CVE-2025-25568 CRITICAL POC Act Now

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Denial Of Service Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25565 CRITICAL POC Act Now

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25567 CRITICAL POC Act Now

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vpn
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-10838 HIGH POC PATCH This Week

An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Deserialization Denial Of Service Cyclone Data Distribution Service
NVD GitHub
CVSS 4.0
8.8
EPSS
1.1%
CVE-2025-26260 HIGH POC PATCH This Week

Plenti <= 0.7.16 is vulnerable to code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Plenti Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-22954 CRITICAL Act Now

GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

SQLi
NVD
CVSS 3.1
10.0
EPSS
11.9%
CVE-2025-25293 HIGH POC PATCH This Week

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Omniauth Saml Ruby Saml
NVD GitHub
CVSS 4.0
7.7
EPSS
2.7%
CVE-2025-25975 HIGH POC This Week

An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Parse Git Config Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25774 MEDIUM POC PATCH This Month

An issue was discovered in Open5GS v2.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13446 CRITICAL Act Now

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Workreap
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-1960 CRITICAL Act Now

attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25566 MEDIUM POC This Month

Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Vpn
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-13871 CRITICAL Act Now

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Box Firmware
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2024-13872 CRITICAL Act Now

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Box Firmware
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-27407 CRITICAL PATCH CERT-EU Act Now

graphql-ruby is a Ruby implementation of GraphQL. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Red Hat
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2025-2216 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Warehouse Refinement Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2217 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Warehouse Refinement Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2214 MEDIUM POC This Month

A vulnerability was found in Microweber 2.0.19. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Microweber
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-25711 HIGH This Week

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-29891 MEDIUM POC PATCH This Month

Bypass/Injection vulnerability in Apache Camel.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Camel Red Hat
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-2220 MEDIUM POC This Month

A vulnerability was found in Odyssey CMS up to 10.34. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Odyssey Cms
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-20138 HIGH CERT-EU This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Cisco Ios Xr
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-20115 HIGH This Week

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)&nbsp;in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-26290 HIGH This Week

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-20146 HIGH This Week

A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-20142 HIGH This Week

A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-2205 MEDIUM POC This Month

The GDPR Cookie Compliance - Cookie Banner, Cookie Consent, Cookie Notice - CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Gdpr Cookie Compliance PHP
NVD WPScan
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-0114 HIGH This Week

A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Denial Of Service Pan Os
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-58087 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-1683 HIGH This Week

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Platform Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21858 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21863 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21856 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c, a device without a release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21855 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-2240 HIGH PATCH This Week

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-27788 HIGH PATCH This Week

JSON is a JSON implementation for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Javascript Object Notation Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20209 HIGH This Week

A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-25709 HIGH This Week

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20141 HIGH This Week

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-0884 HIGH This Week

Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-0117 HIGH This Week

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Paloalto Google Privilege Escalation Microsoft +4
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-0813 HIGH This Week

unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-2218 MEDIUM This Month

A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lovecards
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-2219 MEDIUM This Month

A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Lovecards
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27017 MEDIUM PATCH This Month

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Nifi
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27794 MEDIUM PATCH This Month

Flarum is open-source forum software. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Flarum
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy