Skip to main content
CVE-2025-29085 CRITICAL POC THREAT Emergency

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.6% and no vendor patch available.

RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
22.6%
Threat
4.1
CVE-2025-29062 CRITICAL POC Act Now

An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Bl Ac2100 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2025-31477 CRITICAL POC PATCH Act Now

The Tauri shell plugin allows access to the system shell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Plugin Shell
NVD GitHub
CVSS 4.0
9.3
EPSS
4.0%
CVE-2024-45064 HIGH POC This Week

A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow RCE X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-50385 MEDIUM POC This Month

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 X Cube Azrtos G0 +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50384 MEDIUM POC This Month

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 X Cube Azrtos G0 +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-29719 MEDIUM POC This Month

SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-2005 CRITICAL Act Now

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-40714 CRITICAL Act Now

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortisiem
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2025-31484 CRITICAL Act Now

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-0415 CRITICAL Act Now

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.2
EPSS
0.8%
CVE-2025-3119 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tutor Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-38392 CRITICAL Act Now

Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2025-3123 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Wondercms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2025-22923 HIGH This Week

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-31722 HIGH PATCH This Week

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-0676 HIGH This Week

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
1.6%
CVE-2025-3066 HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3068 HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3063 HIGH PATCH This Week

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3069 HIGH PATCH This Week

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-22924 HIGH This Week

OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3121 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-36465 HIGH PATCH This Week

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Zabbix Suse
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3067 HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-50597 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50595 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50594 MEDIUM POC This Month

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-25060 HIGH This Week

Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2025-31479 HIGH This Week

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-39780 HIGH PATCH This Week

A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Deserialization Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-36337 HIGH This Week

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-36336 HIGH This Week

Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-20212 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2025-30080 HIGH This Week

Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-37917 HIGH This Week

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-2704 HIGH PATCH This Week

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openvpn Suse
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-22925 HIGH This Week

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Opensis Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29981 HIGH This Week

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20139 HIGH This Week

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Enterprise Chat And Email
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45699 HIGH PATCH This Week

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP XSS Zabbix Suse
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2024-36328 HIGH This Week

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-0014 HIGH This Week

Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-30090 HIGH This Week

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-21993 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-29982 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-25051 MEDIUM This Month

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Jazz Reporting Service
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-3070 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-13637 MEDIUM This Month

The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2779 MEDIUM This Month

The Insert Headers and Footers Code - HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy