Skip to main content
CVE-2025-26682 HIGH Act Now

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.0% and no vendor patch available.

Denial Of Service Asp Net Core Visual Studio 2022 Red Hat
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2025-26673 HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.1% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
44.1%
CVE-2025-27473 HIGH Act Now

Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-27469 HIGH Act Now

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26680 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26652 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-26641 HIGH Act Now

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.4% and no vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
42.4%
CVE-2025-27479 HIGH Act Now

Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
7.5
EPSS
39.5%
CVE-2025-27470 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 39.5% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
39.5%
CVE-2025-24447 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.4% and no vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.1
9.1
EPSS
28.4%
CVE-2025-21174 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 35.9% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
35.9%
CVE-2025-26651 MEDIUM This Month

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.8% and no vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +4
NVD
CVSS 3.1
6.5
EPSS
39.8%
CVE-2025-27486 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
33.1%
CVE-2025-27485 HIGH Act Now

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.1% and no vendor patch available.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
33.1%
CVE-2025-32028 CRITICAL POC Act Now

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Haxcms Php
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-30285 HIGH Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.4% and no vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.1
8.4
EPSS
26.4%
CVE-2025-30284 HIGH Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.4% and no vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.1
8.4
EPSS
24.4%
CVE-2025-27751 HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2025-29793 HIGH Act Now

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.9% and no vendor patch available.

Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
21.9%
CVE-2025-30281 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
7.3%
CVE-2025-24446 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Coldfusion
NVD
CVSS 3.1
9.1
EPSS
6.9%
CVE-2024-41794 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-3363 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-3362 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-3361 CRITICAL Act Now

The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-31330 CRITICAL Act Now

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-27429 CRITICAL Act Now

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-30016 CRITICAL Act Now

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48887 CRITICAL Act Now

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiswitch
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-25226 CRITICAL PATCH Act Now

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-41790 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2024-41789 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2024-41788 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.4
EPSS
1.0%
CVE-2025-30150 MEDIUM POC PATCH This Month

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shopware
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-2004 CRITICAL Act Now

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2025-30282 CRITICAL Act Now

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Coldfusion
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-54092 CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-3410 MEDIUM POC This Month

A vulnerability classified as critical was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-32020 CRITICAL PATCH Act Now

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-3397 MEDIUM POC This Month

A vulnerability classified as problematic has been found in YzmCMS 7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3412 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3411 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3402 MEDIUM POC This Month

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical.js%70. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Fe Collaborative Office Platform
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-27477 HIGH This Week

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-41792 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2025-21204 HIGH This Week

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
7.3%
CVE-2025-26647 HIGH This Week

Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2025-22871 CRITICAL PATCH CISA GHSA Act Now

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-3391 MEDIUM POC This Month

A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3392 MEDIUM POC This Month

A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy