Skip to main content
CVE-2025-29927 CRITICAL POC PATCH THREAT Act Now

Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer.

Authentication Bypass Red Hat Next.js Vercel
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
93.0%
Threat
6.1
CVE-2025-29814 CRITICAL Act Now

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Microsoft Information Disclosure Partner Center
NVD
CVSS 3.1
9.3
EPSS
18.9%
CVE-2025-2609 MEDIUM POC PATCH This Month

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Magnusbilling
NVD GitHub
CVSS 3.1
6.1
EPSS
5.5%
CVE-2025-30349 HIGH Act Now

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.6% and no vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
18.6%
CVE-2025-2610 MEDIUM POC PATCH This Month

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Magnusbilling
NVD GitHub
CVSS 3.1
5.4
EPSS
2.3%
CVE-2024-53351 CRITICAL PATCH Act Now

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pipecd Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13903 MEDIUM POC PATCH This Month

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Quickjs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-30342 MEDIUM POC This Month

An XSS issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openslides
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2592 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2608 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banquet Booking System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2602 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2607 MEDIUM POC This Month

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Lzcms Laozhangbokexitong
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2591 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-30344 MEDIUM POC This Month

An issue was discovered in OpenSlides before 4.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openslides
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2603 MEDIUM POC This Month

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft PHP SQLi Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2587 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Jinher OA C6 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jinher Oa C6
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2583 MEDIUM POC This Month

A vulnerability was found in SimpleMachines SMF 2.1.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Machines Forum
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2589 MEDIUM POC This Month

A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical.go. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Human Resource Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-29807 HIGH This Week

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Deserialization Dataverse
NVD
CVSS 3.1
8.7
EPSS
1.0%
CVE-2025-2585 HIGH This Week

EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-2590 MEDIUM POC This Month

A vulnerability was found in code-projects Human Resource Management System 1.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Human Resource Management
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-29230 HIGH This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2025-26336 HIGH This Week

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Stack Overflow Chassis Management Controller For Poweredge Fx2 Firmware Chassis Management Controller For Poweredge Vrtx Firmware
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2024-44305 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24915 HIGH This Week

When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-57490 HIGH This Week

Guangzhou Hongfan Technology Co., LTD. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ioffice20
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-54551 HIGH PATCH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-25068 HIGH PATCH This Week

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30204 HIGH POC PATCH This Week

golang-jwt is a Go implementation of JSON Web Tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-53348 HIGH PATCH This Week

LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Loxilb Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-53350 HIGH This Week

Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Kubeslice
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-53349 HIGH This Week

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Privilege Escalation Kuadrant
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-44199 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30343 LOW POC Monitor

A directory traversal issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Openslides
NVD
CVSS 3.1
3.0
EPSS
0.4%
CVE-2025-30168 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
6.9
EPSS
0.2%
CVE-2023-43029 MEDIUM This Month

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize Plugin For Vsphere
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-54564 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30157 MEDIUM PATCH This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-29227 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29226 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29223 MEDIUM This Month

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-2584 LOW POC Monitor

A vulnerability was found in WebAssembly wabt 1.0.36. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Wabt
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.2%
CVE-2024-50053 MEDIUM This Month

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcentre Plus
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-2598 MEDIUM PATCH This Month

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aws Cloud Development Kit
NVD GitHub
CVSS 4.0
5.7
EPSS
0.0%
CVE-2023-28207 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-2581 MEDIUM This Month

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmedcon
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-30346 MEDIUM PATCH This Month

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Smuggling Varnish Enterprise Varnish Cache Red Hat +1
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27933 MEDIUM PATCH This Month

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2021-25635 MEDIUM PATCH This Month

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Information Disclosure Libreoffice Red Hat Suse
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-2597 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Itium 6050 Firmware
NVD
CVSS 4.0
5.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy