Skip to main content
CVE-2025-30004 HIGH POC THREAT Act Now

Xorcom CompletePBX through version 5.2.35 contains an authenticated command injection vulnerability in the Task Scheduler functionality. Attackers with administrator access can inject arbitrary OS commands that execute as root, achieving complete system compromise of the VoIP PBX.

Command Injection Completepbx
NVD
CVSS 3.1
8.8
EPSS
78.6%
Threat
5.6
CVE-2025-30005 HIGH POC THREAT Act Now

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 74.7% and no vendor patch available.

Path Traversal Completepbx
NVD
CVSS 3.1
8.3
EPSS
74.7%
Threat
5.4
CVE-2025-30161 HIGH POC This Week

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openemr
NVD GitHub
CVSS 4.0
8.4
EPSS
0.5%
CVE-2023-0881 HIGH POC This Week

Running DDoS on tcp port 22 will trigger a kernel crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Bluefield
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29772 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD GitHub
CVSS 4.0
7.2
EPSS
0.7%
CVE-2025-2794 HIGH This Week

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition.0.180. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xperience
NVD
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-2402 HIGH This Week

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Business Hub
NVD GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2025-31129 HIGH PATCH This Week

Jooby is a web framework for Java and Kotlin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-24196 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-24254 HIGH This Week

This issue was addressed with improved validation of symlinks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-31676 HIGH PATCH This Week

Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.0.0 before 2.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Email Tfa Drupal
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3021 HIGH This Week

Path Traversal vulnerability in e-solutions e-management. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2025-31677 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.0.0 before 1.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Artificial Intelligence Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31690 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.0.0 before 1.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cache Utility Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31123 HIGH PATCH This Week

Zitadel is open-source identity infrastructure software. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-12021 HIGH This Week

Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-31547 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows SQL Injection.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-31542 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro allows Blind SQL Injection.6.20. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-31526 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows SQL Injection.7.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-24255 HIGH This Week

A file access issue was addressed with improved input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-3014 HIGH This Week

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2025-3013 HIGH This Week

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2025-31678 HIGH PATCH This Week

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.0.0 before 1.0.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Artificial Intelligence Drupal
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2025-26683 HIGH This Week

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Azure Playwright
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2025-31686 HIGH PATCH This Week

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.0.0 before 12.3.11, from 12.4.0 before 12.4.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-24180 HIGH This Week

The issue was addressed with improved input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Open Redirect
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-31694 HIGH PATCH This Week

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.0.0 before 1.10.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Two Factor Authentication Drupal
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-31689 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.0.0 before 3.0.1, from 3.1.0 before 3.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF General Data Protection Regulation Drupal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-24213 HIGH PATCH This Week

This issue was addressed with improved handling of floats. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24228 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Apple
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24243 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-31184 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30449 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24277 HIGH This Week

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24267 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24234 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30464 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-31188 HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Race Condition Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30456 HIGH This Week

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24170 HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24173 HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21893 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-31674 HIGH PATCH This Week

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Drupal
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-30471 HIGH This Week

A validation issue was addressed with improved logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-24209 HIGH PATCH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
7.0
EPSS
3.4%
CVE-2025-24095 HIGH This Week

This issue was addressed with additional entitlement checks. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-31692 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.0.0 before 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Artificial Intelligence Drupal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-31387 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion.1.0.82. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-30835 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion.6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-31103 HIGH This Week

Untrusted data deserialization vulnerability exists in a-blog cms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization A Blog Cms
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy