Skip to main content
CVE-2025-24250 CRITICAL Act Now

This issue was addressed with improved access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24247 CRITICAL Act Now

A type confusion issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24246 CRITICAL Act Now

An injection issue was addressed with improved validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24232 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24231 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-31182 CRITICAL Act Now

This issue was addressed with improved handling of symlinks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24249 CRITICAL Act Now

A permissions issue was addressed with additional sandbox restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24233 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24207 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24181 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24178 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-24195 CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-24167 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-30433 CRITICAL Act Now

This issue was addressed with improved access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-24259 CRITICAL Act Now

This issue was addressed with additional entitlement checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-24241 CRITICAL Act Now

A configuration issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-30444 CRITICAL Act Now

A race condition was addressed with improved locking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Race Condition
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-30458 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-30430 CRITICAL Act Now

This issue was addressed through improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-30462 CRITICAL Act Now

A library injection issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-31194 CRITICAL Act Now

An authentication issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-3011 CRITICAL Act Now

SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24269 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24263 CRITICAL Act Now

A privacy issue was addressed by moving sensitive data to a protected location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-25211 CRITICAL Act Now

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24172 CRITICAL Act Now

A permissions issue was addressed with additional sandbox restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-31681 CRITICAL PATCH Act Now

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.0.0 before 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Authenticator Login Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-31691 CRITICAL PATCH Act Now

Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.0.0 before 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oauth2 Server Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30465 CRITICAL Act Now

A permissions issue was addressed with improved validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30461 CRITICAL Act Now

An access issue was addressed with additional sandbox restrictions on the system pasteboards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-24245 CRITICAL Act Now

This issue was addressed by adding a delay between verification code attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-24204 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-29266 CRITICAL Act Now

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2025-3022 CRITICAL Act Now

Os command injection vulnerability in e-solutions e-management. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Apache PHP
NVD
CVSS 4.0
9.3
EPSS
1.6%
CVE-2025-1268 CRITICAL Act Now

An out-of-bounds write vulnerability exists in the EMF Recode processing functionality of multiple Canon printer drivers, allowing remote attackers to execute arbitrary code or crash the system without authentication. The vulnerability affects a wide range of Canon's Generic Plus and standard printer drivers (PCL6, UFR II, LIPS4, LIPSLX, PS, FAX, CARPS2, and PDF drivers) and has a critical CVSS score of 9.4. With an EPSS score of 0.44% (63rd percentile), the vulnerability shows moderate real-world exploitation likelihood, though no active exploitation or public proof-of-concept has been reported.

Buffer Overflow HP
NVD VulDB
CVSS 3.1
9.4
EPSS
0.4%
CVE-2025-3016 MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-3015 MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-3040 MEDIUM POC This Month

A vulnerability was found in Project Worlds Online Time Table Generator 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Online Time Table Generator
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2978 MEDIUM POC This Month

A vulnerability was found in WCMS 11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Wcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2997 MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3039 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3038 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2985 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2984 MEDIUM POC This Month

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3018 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-31685 CRITICAL PATCH Act Now

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.0.0 before 12.3.11, from 12.4.0 before 12.4.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-3005 MEDIUM POC This Month

A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Forestblog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3004 MEDIUM POC This Month

A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Forestblog Red Hat
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-2974 MEDIUM POC This Month

A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Perfex Crm
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2977 MEDIUM POC This Month

A vulnerability was found in GFI KerioConnect 10.0.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kerio Connect
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
Prev Page 2 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy