Skip to main content
CVE-2024-36842 HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google Android
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-30701 HIGH PATCH This Week

Vulnerability in the RAS Security component of Oracle Database Server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Authentication Bypass Privilege Escalation Ras Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-32780 HIGH This Week

BleachBit cleans files to free disk space and to maintain privacy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Windows Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-30690 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Rated high severity (CVSS 7.2).

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-32923 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30984 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS.0.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30970 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26746 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS.2.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22263 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS.8.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31011 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-30962 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FS Poster allows Reflected XSS.5.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26992 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat allows Reflected XSS.7.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26954 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect allows Reflected XSS.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26743 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter allows Reflected XSS.0.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-32779 MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2025-30512 MEDIUM This Month

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-31360 MEDIUM This Month

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-27565 MEDIUM This Month

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-27561 MEDIUM This Month

Unauthenticated attackers can rename "rooms" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-24315 MEDIUM This Month

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-25276 MEDIUM This Month

An unauthenticated attacker can hijack other users' devices and potentially control them. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-26857 MEDIUM This Month

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31950 MEDIUM This Month

An unauthenticated attacker can obtain EV charger energy consumption information of other users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31945 MEDIUM This Month

An unauthenticated attacker can obtain other users' charger information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31147 MEDIUM This Month

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30257 MEDIUM This Month

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27929 MEDIUM This Month

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27927 MEDIUM This Month

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27719 MEDIUM This Month

Unauthenticated attackers can query an API endpoint and get device details. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27575 MEDIUM This Month

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31941 MEDIUM This Month

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31933 MEDIUM This Month

An unauthenticated attacker can check the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31357 MEDIUM This Month

An unauthenticated attacker can obtain a user's plant list by knowing the username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30514 MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30254 MEDIUM This Month

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27938 MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27568 MEDIUM This Month

An unauthenticated attacker can get users' emails by knowing usernames. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-24487 MEDIUM This Month

An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31654 MEDIUM This Month

An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-24850 MEDIUM This Month

An attacker can export other users' plant information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31949 MEDIUM This Month

An authenticated attacker can obtain any plant name by knowing the plant ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27939 MEDIUM This Month

An attacker can change registered email addresses of other users and take over arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-21578 MEDIUM PATCH This Month

Vulnerability in Oracle Secure Backup (component: General). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Oracle Secure Backup
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-30725 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-29984 MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Trusted Device Agent
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-29983 MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Information Disclosure Trusted Device Agent
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2020-18243 MEDIUM This Month

SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-30733 MEDIUM PATCH This Month

Vulnerability in the RDBMS Listener component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Oracle Authentication Bypass Rdbms Listener
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-32439 MEDIUM PATCH This Month

pleezer is a headless Deezer Connect player. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30740 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.5
EPSS
0.3%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy