Skip to main content
CVE-2025-0694 MEDIUM CISA This Month

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-26138 MEDIUM This Month

Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Risk Value
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44314 MEDIUM PATCH This Month

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Tastyigniter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30110 MEDIUM This Month

On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30109 MEDIUM This Month

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27080 MEDIUM This Month

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-41975 MEDIUM CISA This Month

An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2495 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Softdial Contact Center
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2487 MEDIUM PATCH This Month

A flaw was found in the 389-ds-base LDAP Server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2025-25042 MEDIUM This Month

A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-49822 MEDIUM This Month

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Qradar Advisor
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-25040 LOW Monitor

A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches -. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Aruba Authentication Bypass
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-30140 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12563 HIGH This Month

The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE LFI WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-30142 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30141 HIGH This Month

An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-30139 CRITICAL This Week

An issue was discovered on G-Net Dashcam BB GONX devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G Onx Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-30138 MEDIUM Monitor

An issue was discovered on G-Net Dashcam BB GONX devices. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass G Onx Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-30137 CRITICAL This Week

An issue was discovered in the G-Net GNET APK 2.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-29930 MEDIUM This Month

imFAQ is an advanced questions and answers management system for ImpressCMS. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29907 HIGH POC PATCH This Week

jsPDF is a library to generate PDFs in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jspdf
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-29790 MEDIUM PATCH Monitor

Contao is an Open Source CMS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Contao
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy