Skip to main content
CVE-2024-12971 HIGH POC THREAT Act Now

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
73.6%
Threat
5.4
CVE-2025-29909 HIGH POC PATCH This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow RCE Denial Of Service Cryptolib
NVD GitHub
CVSS 4.0
8.9
EPSS
1.7%
CVE-2025-29912 HIGH POC PATCH This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Denial Of Service Cryptolib
NVD GitHub
CVSS 4.0
8.9
EPSS
1.1%
CVE-2025-29911 HIGH POC This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Denial Of Service Cryptolib
NVD GitHub
CVSS 4.0
8.9
EPSS
0.5%
CVE-2025-29913 HIGH POC This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow RCE Denial Of Service Cryptolib
NVD GitHub
CVSS 4.0
8.9
EPSS
0.4%
CVE-2025-2370 HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-2369 HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-54525 HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple File Upload
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-2396 HIGH This Week

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE File Upload U Office Force
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-48013 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-49559 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-12992 HIGH This Week

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-0833 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0832 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0830 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0829 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0828 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0826 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0601 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0600 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0599 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0598 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0596 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0827 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-0595 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-2398 HIGH This Week

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-48831 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-2241 HIGH PATCH This Week

A credential exposure vulnerability in Red Hat Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM), allows VCenter credentials to leak into ClusterProvision objects after VSphere cluster provisioning. Users with read access to ClusterProvision objects can extract these credentials without needing direct Kubernetes Secret access, enabling unauthorized VCenter access, cluster manipulation, and privilege escalation. With an EPSS score of 0.13% (32nd percentile), active exploitation is currently assessed as low probability, and no public exploits have been reported.

Red Hat Kubernetes Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-54027 HIGH This Week

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortisandbox
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-1724 HIGH This Week

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
2.3%
CVE-2024-48830 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22472 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22473 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49561 HIGH PATCH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25684 HIGH This Week

A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-25685 HIGH This Week

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-29786 HIGH PATCH This Week

Expr is an expression language and expression evaluation for Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29787 HIGH PATCH This Week

`zip` is a zip library for rust which supports reading and writing of simple ZIP files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 4.0
7.3
EPSS
0.3%
CVE-2024-44276 HIGH This Week

This issue was addressed by using HTTPS when sending information over the network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-26125 HIGH This Week

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-25612 HIGH This Week

FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy