Skip to main content
CVE-2024-4877 HIGH This Week

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Openvpn Windows
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-3136 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3162 MEDIUM POC This Month

A vulnerability was found in InternLM LMDeploy up to 0.7.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Lmdeploy
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3163 MEDIUM POC This Month

A vulnerability was found in InternLM LMDeploy up to 0.7.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lmdeploy
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3159 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3160 MEDIUM POC PATCH This Month

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3166 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Product Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Product Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-31115 HIGH PATCH CISA This Week

XZ Utils provide a general-purpose data-compression library plus command-line tools. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-31119 HIGH PATCH This Week

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.6
EPSS
2.0%
CVE-2024-53868 HIGH This Week

Apache Traffic Server allows request smuggling if chunked messages are malformed.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2025-32049 HIGH PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2025-21999 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31487 HIGH PATCH This Week

The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Atlassian
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-31098 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator allows PHP Local File Inclusion.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-22931 HIGH This Week

An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47215 HIGH PATCH This Week

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Snowbridge
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47214 HIGH This Week

An issue was discovered in Iglu Server 0.13.0 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iglu Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47213 HIGH This Week

An issue was discovered affecting Enrich 5.1.0 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Enrich
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47212 HIGH This Week

An issue was discovered in Iglu Server 0.13.0 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Iglu Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-56528 HIGH PATCH This Week

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Stream Collector
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-31481 HIGH PATCH This Week

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-31909 HIGH This Week

Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-31485 HIGH PATCH This Week

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30370 HIGH PATCH This Week

jupyterlab-git is a JupyterLab extension for version control using Git. Rated high severity (CVSS 7.4). No vendor patch available.

Apple Command Injection macOS Red Hat
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-31907 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31905 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Team Rosters allows Reflected XSS.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31903 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound XV Random Quotes allows Reflected XSS.37. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31902 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Social Share And Social Locker allows Reflected XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31901 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31900 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS.0.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31899 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31898 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MediaView allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31626 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31582 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31573 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31536 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Reflected XSS.3.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31468 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP_Identicon allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31467 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flickr Photostream allows Reflected XSS.1.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31442 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Search engine keywords highlighter allows Reflected XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31436 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on allows Reflected XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30858 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS.4.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30616 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Latest Custom Post Type Updates allows Reflected XSS.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30611 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wptobe-signinup allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30908 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS.7.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-3171 MEDIUM This Month

A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3176 MEDIUM This Month

A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3175 MEDIUM This Month

A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3172 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31334 MEDIUM This Month

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Winrar
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2025-32053 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
1.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy