Skip to main content
CVE-2025-1098 HIGH POC PATCH THREAT CERT-EU Act Now

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare).

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
49.9%
Threat
4.8
CVE-2025-29635 HIGH POC KEV THREAT Act Now

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.6%
Threat
4.5
CVE-2025-24514 HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
23.0%
Threat
4.0
CVE-2025-1097 HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
20.8%
CVE-2025-30567 HIGH POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
27.2%
CVE-2024-13617 HIGH POC This Week

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Downloadable By American Osteopathic Association
NVD WPScan
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-25371 HIGH POC This Week

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-25374 HIGH POC This Week

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-25372 HIGH POC This Week

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13863 HIGH POC This Week

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Stylish Google Sheet Reader
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-2319 HIGH This Week

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12169 HIGH This Week

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-8313 HIGH This Week

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-1445 HIGH This Week

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-2725 HIGH This Week

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2732 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2731 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2730 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2729 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2728 HIGH This Week

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2727 HIGH This Week

A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-2726 HIGH This Week

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-10209 HIGH This Week

An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-45482 HIGH This Week

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-45481 HIGH This Week

An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-53679 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Vcl
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2025-27147 HIGH This Week

The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal VMware Windows
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-30214 HIGH PATCH This Week

Frappe is a full-stack web application framework. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Frappe
NVD GitHub
CVSS 4.0
8.0
EPSS
0.1%
CVE-2025-2532 HIGH This Week

Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2530 HIGH This Week

Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2531 HIGH This Week

Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Keyshot
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-27833 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27835 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27830 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27834 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22230 HIGH This Week

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass VMware Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30118 HIGH This Week

An issue was discovered on the Audi Universal Traffic Recorder 2.88. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-44903 HIGH This Week

SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13690 HIGH This Week

The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-58105 HIGH This Week

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Apex One
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-58104 HIGH This Week

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Apex One
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-45484 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2024-45483 HIGH This Week

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2024-13618 HIGH POC This Month

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP Downloadable By American Osteopathic Association
NVD WPScan
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-10210 HIGH This Month

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy