Skip to main content
CVE-2025-0986 MEDIUM This Month

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure IBM Powervm Hypervisor
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2024-10307 MEDIUM This Month

An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31010 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31474 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery.2.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31456 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31438 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized allows Cross Site Request Forgery.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31079 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven allows Cross Site Request Forgery.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31335 MEDIUM PATCH This Month

The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-27574 LOW Monitor

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
3.6
EPSS
0.1%
CVE-2025-2865 LOW Monitor

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

XSS Cors Misconfiguration Satech Bcu Firmware
NVD
CVSS 4.0
2.4
EPSS
0.1%
CVE-2025-30371 LOW Monitor

Metabase is a business intelligence and embedded analytics tool. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-27726 LOW Monitor

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
2.1
EPSS
0.1%
CVE-2025-2864 LOW Monitor

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Satech Bcu Firmware
NVD
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-2920 LOW Monitor

A vulnerability was found in Netis WF-2404 1.1.124EN. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-28089 CRITICAL POC Act Now

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-28256 CRITICAL POC Act Now

An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A3100R Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-38985 CRITICAL POC Act Now

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Depath
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-2922 LOW Monitor

A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Rated low severity (CVSS 1.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
1.0
EPSS
0.0%

Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234. No vendor patch available.

Information Disclosure
NVD
CVE-2025-1781 HIGH POC This Week

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Css Validator
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-2894 MEDIUM POC This Week

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Go1 Firmware
NVD GitHub
CVSS 3.1
6.6
EPSS
0.4%
CVE-2025-24386 HIGH This Month

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy