Skip to main content
CVE-2025-2563 HIGH POC THREAT Act Now

The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

WordPress Privilege Escalation User Registration Membership PHP
NVD WPScan
CVSS 3.1
8.1
EPSS
83.9%
Threat
5.6
CVE-2025-31490 HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3546 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Magic Nx15 Firmware Magic Nx30 Pro Firmware Magic Nx400 Firmware Magic R3010 Firmware +1
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
1.0%
CVE-2025-22373 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-3545 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3544 HIGH This Week

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3543 HIGH This Week

A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-3542 HIGH This Week

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-2160 HIGH This Week

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-32913 HIGH PATCH This Week

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-32906 HIGH PATCH This Week

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-32908 HIGH PATCH This Week

A flaw was found in libsoup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-3572 HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-32914 HIGH PATCH This Week

Out-of-bounds read in libsoup's soup_multipart_new_from_message() function allows remote attackers to disclose sensitive memory contents and potentially crash server applications. Malicious HTTP clients can trigger this memory safety flaw (CWE-125) by sending crafted multipart messages to libsoup-based servers, affecting Red Hat Enterprise Linux distributions and Debian systems. With EPSS at 0.52% (67th percentile) and no confirmed active exploitation, this represents moderate real-world risk requiring assessment of deployment exposure to untrusted HTTP clients.

Information Disclosure Buffer Overflow
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2025-31344 HIGH PATCH This Week

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Red Hat Suse
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-2161 HIGH PATCH This Week

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform Suse
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-27009 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS.6.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy