Skip to main content
CVE-2025-28409 HIGH POC This Week

{parentId} endpoint does not properly validate whether the requesting user has permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-28407 HIGH POC This Week

{dictId} endpoint does not properly validate whether the requesting user has permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruoyi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-3328 HIGH POC This Week

A vulnerability was found in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-30473 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache SQLi Airflow Common Sql Provider
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-31173 HIGH This Week

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-0942 HIGH This Week

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection.0.6 and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2025-32409 HIGH This Week

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2025-31175 HIGH This Week

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-11859 HIGH This Week

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2025-31170 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58127 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58126 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58125 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58124 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-45552 HIGH This Week

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Apq8064au Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +142
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-3425 HIGH This Week

The IntelliSpace portal application utilizes .NET Remoting for its functionality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

RCE Deserialization
NVD
CVSS 4.0
7.3
EPSS
3.4%
CVE-2025-21447 HIGH This Week

Memory corruption may occur while processing device IO control call for session control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware Wcd9380 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21443 HIGH This Week

Memory corruption while processing message content in eAVB. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21442 HIGH This Week

Memory corruption while transmitting packet mapping information with invalid header payload size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21441 HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Qca1062 Firmware Qca1064 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21440 HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21438 HIGH This Week

Memory corruption while IOCTL call is invoked from user-space to read board data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21437 HIGH This Week

Memory corruption while processing memory map or unmap IOCTL operations simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Qam8255p Firmware Qam8295p Firmware +29
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21436 HIGH This Week

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Qmp1000 Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21423 HIGH This Week

Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21421 HIGH This Week

Memory corruption while processing escape code in API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45557 HIGH This Week

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43066 HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Csrb31024 Firmware Fastconnect 6200 Firmware +96
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43058 HIGH This Week

Memory corruption while processing IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Wcd9380 Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43067 HIGH This Week

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware Qca6574au Firmware +54
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3424 HIGH This Week

The IntelliSpace portal application utilizes .NET Remoting for its functionality. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-11071 HIGH This Week

Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-21448 HIGH This Week

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9070 Firmware Qcn9072 Firmware Qcn9074 Firmware Qcn9100 Firmware +263
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21435 HIGH This Week

Transient DOS may occur while parsing extended IE in beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +145
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21434 HIGH This Week

Transient DOS may occur while parsing EHT operation IE or EHT capability IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcs8300 Firmware Qcs8550 Firmware Qcs9100 Firmware Qfw7114 Firmware +117
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-32031 HIGH PATCH This Week

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Apollo Gateway
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32030 HIGH PATCH This Week

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Apollo Gateway
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-31496 HIGH PATCH This Week

apollo-compiler is a query-based compiler for the GraphQL query language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32034 HIGH PATCH This Week

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32033 HIGH PATCH This Week

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32032 HIGH PATCH This Week

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21430 HIGH This Week

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +219
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21429 HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sa9000p Firmware Sd626 Firmware Sd660 Firmware Sd670 Firmware +178
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21428 HIGH This Week

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 439 Mobile Platform Firmware Snapdragon 625 Mobile Platform Firmware Snapdragon 626 Mobile Platform Firmware Snapdragon 632 Mobile Platform Firmware +65
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20664 HIGH This Week

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Software Development Kit Mt7915 Mt7916 Mt7981 +3
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-20663 HIGH This Week

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Software Development Kit Mt7915 Mt7916 Mt7981 +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-58107 HIGH This Week

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-30195 HIGH This Week

An attacker can publish a zone containing specific Resource Record Sets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-58112 HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-58111 HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy