Skip to main content
CVE-2025-2264 HIGH POC THREAT Act Now

Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector.

Information Disclosure Path Traversal Sante Pacs Server
NVD
CVSS 3.1
7.5
EPSS
71.5%
Threat
5.1
CVE-2024-53406 HIGH POC This Week

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Esp Idf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-27138 HIGH POC This Week

DataEase is an open source business intelligence and data visualization tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-29361 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29358 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29363 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29362 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29360 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29359 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29357 HIGH POC This Week

Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Denial Of Service Rx3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-24974 HIGH POC This Week

DataEase is an open source business intelligence and data visualization tool. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-27103 HIGH POC This Week

DataEase is an open source business intelligence and data visualization tool. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-1487 HIGH POC This Week

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wowpth PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-1486 HIGH POC This Week

The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wowpth PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-1401 HIGH POC This Week

The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Click Info PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13891 HIGH POC This Week

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Schedule
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13885 HIGH POC This Week

The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp E Customers Beta
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13884 HIGH POC This Week

The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Limit Bio
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-1436 HIGH POC This Week

The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Limit Bio PHP
NVD WPScan
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-25598 HIGH This Week

Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Customer Monitor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2081 HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-2079 HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-27107 HIGH This Week

Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-2230 HIGH This Week

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-2229 HIGH This Week

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-29995 HIGH This Week

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2025-29997 HIGH This Week

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-29996 HIGH This Week

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-29994 HIGH This Week

This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2025-29998 HIGH This Week

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-2280 HIGH This Week

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-1652 HIGH This Week

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Autocad Advance Steel +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1651 HIGH This Week

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Autocad Mechanical +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1650 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1649 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1433 HIGH This Week

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1432 HIGH This Week

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1431 HIGH This Week

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1430 HIGH This Week

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1429 HIGH This Week

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Heap Overflow RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1428 HIGH This Week

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1427 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-2265 HIGH This Week

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-10942 HIGH This Week

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress PHP Deserialization
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2025-2271 HIGH This Week

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-2106 HIGH This Week

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-1119 HIGH This Week

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2025-2284 HIGH This Week

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-2107 HIGH This Week

The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2277 HIGH This Week

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy