Skip to main content
CVE-2024-45064 HIGH POC This Week

A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow RCE X Cube Azrt H7Rs X Cube Azrtos F4 X Cube Azrtos F7 +7
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2025-22923 HIGH This Week

An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-31722 HIGH PATCH This Week

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-0676 HIGH This Week

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
1.6%
CVE-2025-3066 HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3068 HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3063 HIGH PATCH This Week

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-3069 HIGH PATCH This Week

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-22924 HIGH This Week

OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36465 HIGH PATCH This Week

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Zabbix Suse
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3067 HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Android Suse
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-25060 HIGH This Week

Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2025-31479 HIGH This Week

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-39780 HIGH PATCH This Week

A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Deserialization Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-36337 HIGH This Week

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-36336 HIGH This Week

Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-20212 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2025-30080 HIGH This Week

Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-37917 HIGH This Week

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-2704 HIGH PATCH This Week

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openvpn Suse
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-22925 HIGH This Week

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Opensis Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-29981 HIGH This Week

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20139 HIGH This Week

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Enterprise Chat And Email
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45699 HIGH PATCH This Week

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP XSS Zabbix Suse
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2024-36328 HIGH This Week

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Amd
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-0014 HIGH This Week

Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-30090 HIGH This Week

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-21993 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21991 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Amd Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy